[darcs-users] Re: predictable temp file name
Zachary P. Landau
kapheine at divineinvasion.net
Fri Jun 23 18:00:04 UTC 2006
On Fri, Jun 23, 2006 at 11:19:57AM -0500, Graham Wilson wrote:
> On Fri, Jun 23, 2006 at 10:13:42AM -0500, Richard A. Smith wrote:
> > Newer darcs appear to have a predictable temp filename on record. Isn't
> > this a security problem?
>
> Is it actually a file in a sticky directory (e.g. tmp), or is it in the
> _darcs directory? The former is perfectly fine (unless you don't trust
> yourself), but the latter is certainly a problem.
How would having it in /tmp be a problem, as long as your permissions
are sane? (And assuming that darcs is smart about how it creates files
and sets permissions, which I think it is)
--
Zachary P. Landau <kapheine at divineinvasion.net>
GPG: gpg --recv-key 0xC9F82052 | http://divineinvasion.net/kapheine.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.osuosl.org/pipermail/darcs-users/attachments/20060623/613cfc76/attachment.pgp
More information about the darcs-users
mailing list