Small security patch for KTempFile

Oswald Buddenhagen ossi at
Wed Sep 8 14:03:47 BST 2004

On Wed, Sep 08, 2004 at 08:40:59AM -0400, Ian Reinhart Geiser wrote:
> While not an obvious security hole, i don't see a problem with using a
> safer  method where we can.
but it is not safer! if the directory is created in an unsafe location
(i.e., a parent could change under our feet), we have lost anyway.
- it does not buy us anything to ensure that we chmod/chown the right
  directory, if we cannot be sure that the path will refer to the same
  location when we actually start to use this directory - and that's
  impossible to ensure, as you can't point to files with a file
  descriptor of the directory they live in.
- apart from that, there is still a vulnerable window between the
  creation of the directory and opening a handle to it.

Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.

More information about the kde-core-devel mailing list