[GRASS5] files stored in /tmp/ from init.sh
Hamish
hamish_nospam at yahoo.com
Thu Jan 27 18:38:23 EST 2005
Hi,
re. GRASS Bug # 2877 (Debian Bug # 287651)
Insecure use of the '/tmp/' directory.
I'm getting through the instances; pretty much done actually.
g.tempfile didn't have to change.
There's one that goes deeper than I want to mess with, ie the locking
mechanism..
/tmp/grass6-$USER-$GIS_LOCK/gisrc
referenced by
lib/init/init.sh
lib/gis/unix_socks.c
(changing this might mean lib/gis/win32_pipes.c needs to be changed too)
The "/tmp/grass6-$USER-$GIS_LOCK/gisrc" file is predictable, leaving the
system open to symlink attacks...
can someone who understands the internals look into this please?
thanks,
Hamish
More information about the grass-dev
mailing list