[GRASS-dev] G.proj requirements?

Glynn Clements glynn at gclements.plus.com
Wed Dec 20 11:52:18 EST 2006


Paul Kelly wrote:

> >> Right. It was mentioned before that tempnam() could be used - although I
> >> see on Linux that warns that it shouldn't---but I don't understand why.
> >
> > Race conditions.
> >
> > Because tempnam() doesn't create the file, it's possible for another
> > user's process to create a file (or, more significantly, a link to an
> > existing file) with that name before your process does. This is
> > considered a potential security vulnerability, as an attacker can
> > trick a user into creating or modifying files which the attacker
> > wouldn't have access to.
> 
> Ah OK. But the current G_tempfile() doesn't attempt to create the file 
> either (although interestingly, g.tempfile does) so we wouldn't be losing 
> or gaining anything there IIUC?

tempnam() might end up creating the files in a world-writable
directory. Even if you specify a directory which is known to be safe,
$TMPDIR takes precedence.

Personally, I consider it the user's responsibility not to point
$TMPDIR at a world-writable directory.

-- 
Glynn Clements <glynn at gclements.plus.com>
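
The distinction discussed in this thread, as an added example that is not part of the original message or of the GRASS source: a temporary file is created atomically in a caller-chosen directory instead of only having a name picked for it, as tempnam() does. The function names and the `tmp.XXXXXX` template are assumptions made for illustration.

```c
/* Added example (not GRASS code): create the file, do not just name it. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a new file only if nothing exists at `path`. With O_CREAT|O_EXCL,
 * open() fails with EEXIST even when `path` is a symbolic link, so a link
 * placed there by another user is never followed. Returns fd or -1. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Create a uniquely named file in `dir`, which the caller chooses; $TMPDIR
 * is not consulted. mkstemp() picks the name and creates the file in one
 * step with mode 0600. The path is written to `out`. Returns fd or -1. */
int make_tempfile_in(const char *dir, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/tmp.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(out);
}

/* Return 1 if other users can create entries in `dir` (world-writable),
 * 0 if they cannot, -1 if `dir` cannot be examined or is not a directory. */
int dir_is_world_writable(const char *dir)
{
    struct stat st;
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (st.st_mode & S_IWOTH) ? 1 : 0;
}
```
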



