[GRASS5] [bug #2877] (grass) Insecure tempfile creation
Glynn Clements
glynn at gclements.plus.com
Wed Jan 19 13:59:30 EST 2005
Hamish wrote:
> Just an update re. less-insecure tempfiles ..
>
> In the upstream GRASS 5.7 CVS[*] pretty much everything in the scripts/
> directory now uses g.tempfile. C modules are next. I am not sure what to
> do with the init scripts & libs where the GRASS tempfile fn's may not be
> available..
Re-write g.tempfile so that it doesn't rely upon GRASS having been
initialised, i.e. just use tempnam() or similar rather than relying
upon G_getenv() etc.
The only code which really needs to use G_tempfile() is code which
creates files within the GRASS database (e.g. G_open_cell_new() etc),
as the files have to reside on the same filesystem as the rest of the
database.
Everything else can use $TMPDIR.
--
Glynn Clements <glynn at gclements.plus.com>
More information about the grass-dev
mailing list