[GRASS5] files stored in /tmp/ from init.sh
Hamish
hamish_nospam at yahoo.com
Wed Feb 2 22:24:38 EST 2005
> > > The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable,
> > > leaving the system open to symlink attacks...
> > >
> > > can someone who understands the internals look into this please?
> >
> > The startup should create the /tmp/grass6-$USER-$GIS_LOCK directory
> > such that it is only accessible to the current user. If the
> > directory already exists, the startup should abort.
>
> Clarification: by "should", I mean that it ought to work this way; I
> don't think that it does at present.
It does as of now:
tmp=/tmp/grass6-$USER-$GIS_LOCK
(umask 077 && mkdir "$tmp") || {
echo "Cannot create temporary directory! Exiting." 1>&2
exit 1
}
GISRC="$tmp/gisrc"
export GISRC
Hamish
More information about the grass-dev
mailing list