[GRASS-dev] G.proj requirements?
Paul Kelly
paul-grass at stjohnspoint.co.uk
Wed Dec 20 03:58:47 EST 2006
On Wed, 20 Dec 2006, Glynn Clements wrote:
>> Right. It was mentioned before that tempnam() could be used - although I
>> see on Linux that warns that it shouldn't---but I don't understand why.
>
> Race conditions.
>
> Because tempnam() doesn't create the file, it's possible for another
> user's process to create a file (or, more significantly, a link to an
> existing file) with that name before your process does. This is
> considered a potential security vulnerability, as an attacker can
> trick a user into creating or modifying files which the attacker
> wouldn't have access to.
Ah OK. But the current G_tempfile() doesn't attempt to create the file
either (although interestingly, g.tempfile does) so we wouldn't be losing
or gaining anything there IIUC?
More information about the grass-dev
mailing list