[GRASS5] [bug #2961] (grass) lib/gis/unix_socks.c fails unless $TMPDIR is /tmp

Hamish hamish_nospam at yahoo.com
Thu Feb 3 22:36:50 EST 2005


> > I just did a little audit and I think my recent security fix to
> > init.sh introduced a bug. I'd like to fix it ASAP - if not I'll
> > remove the $TMPDIR capability and revert to always using /tmp (maybe
> > in the next 24 hours).
> >
> > The bug is this:
> >
> > init.sh now uses $TMPDIR (if it exists) to place the temporary
> > session files in. If $TMPDIR doesn't exist it uses /tmp. Now
> > lib/gis/unix_socks.c has "/tmp" hardcoded and I don't know how to do
> > the 'if(! $TMPDIR) then "/tmp"' test in C.
> >
> > It might still work, but would leave files scattered about,
> > reintroduce the security issues, etc..
> >

[so I changed it back to hardcoded "/tmp" for now]


> I haven't looked at any of the source files but what about a GRASS
> variable TMPDIR that would contain either the system TMPDIR or /tmp
> depending on the checks at startup. Then in the C file you could
> access it as G_getenv("TMPDIR") or something and you wouldn't have to
> repeat the logic checking if TMPDIR is set.

Seems a bit redundant.. it is only queried by unix_socks.c|win32_pipes.c
so it is just one check to add. I would think that this is not a GRASS
variable you really want to have changed after startup, and leaving it
in the g.gisenv list begs for it to be changed. Sure the user can change
the shell variable too, but it isn't as visible as something to fiddle
with.

?


Hamish
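
The 'if(! $TMPDIR) then "/tmp"' test asked about in the thread, written in C as an added example (not part of the original message and not GRASS code). The names `session_tmpdir` and `session_socket_path` are hypothetical; the absolute-path, is-a-directory and `sun_path` length checks go beyond the plain fallback discussed above.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Hypothetical helper: return $TMPDIR when it is usable, otherwise "/tmp".
 * "Usable" here means set, absolute, and an existing directory. */
const char *session_tmpdir(void)
{
    const char *dir = getenv("TMPDIR");
    struct stat st;

    if (dir == NULL || dir[0] != '/')   /* unset, empty or relative */
        return "/tmp";
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return "/tmp";                  /* missing or not a directory */
    return dir;
}

/* Hypothetical helper: write "<tmpdir>/<name>" into buf.
 * Returns 0 on success, -1 if the path was truncated or is too long
 * to be used as a sockaddr_un.sun_path (a long $TMPDIR can cause this). */
int session_socket_path(char *buf, size_t buflen, const char *name)
{
    size_t max_sun = sizeof(((struct sockaddr_un *)0)->sun_path);
    int n = snprintf(buf, buflen, "%s/%s", session_tmpdir(), name);

    if (n < 0 || (size_t)n >= buflen || (size_t)n >= max_sun)
        return -1;
    return 0;
}

int main(void)
{
    char path[256];

    /* "mon.x0" is a constructed sample name, not a GRASS file name. */
    if (session_socket_path(path, sizeof(path), "mon.x0") != 0) {
        fprintf(stderr, "socket path too long\n");
        return 1;
    }
    printf("%s\n", path);
    return 0;
}
```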