KTemporaryFile::createLocalFile()
Oswald Buddenhagen
ossi at kde.org
Thu Jul 5 18:00:05 BST 2007
On Thu, Jul 05, 2007 at 10:59:28AM -0500, Matthew Woehlke wrote:
> Oswald Buddenhagen wrote:
>> assume temp files in /tmp. this dir is sticky.
>
> Um... no, you *hope* /tmp is sticky; I have access to at least one
> computer where this is not the case. Is that system misconfigured?
> Probably. (Forget /tmp, the default umask on said computer is 000.
> Secure? I think not.) Nevertheless, IMO we shouldn't rely on systems
> being "properly configured" when there is a solution that is safe
> regardless.
>
bah. that does not make sense. aiming for security on such a box is
securing the door of a blown up house. one just *has* to make
assumptions to get anywhere.
back to our concrete example: if /tmp is not sticky, Evil User can
simply replace our super-secure /tmp/kde-<Good User>. and i guess you'll
agree that it is not possible to operate on a directory through a file
handle (at least in a portable way, that is).
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.
More information about the kde-core-devel
mailing list