KTemporaryFile::createLocalFile()

Matthew Woehlke mw_triad at users.sourceforge.net
Fri Jul 6 00:08:38 BST 2007


Oswald Buddenhagen wrote:
> On Thu, Jul 05, 2007 at 10:59:28AM -0500, Matthew Woehlke wrote:
>> Oswald Buddenhagen wrote:
>>> assume temp files in /tmp. this dir is sticky.
>> Um... no, you *hope* /tmp is sticky; I have access to at least one
>> computer where this is not the case. Is that system misconfigured?
>> Probably. (Forget /tmp, the default umask on said computer is 000.
>> Secure? I think not.) Nevertheless, IMO we shouldn't rely on systems
>> being "properly configured" when there is a solution that is safe
>> regardless.
>>
> bah. that does not make sense. aiming for security on such a box is
> securing the door of a blown up house. one just *has* to make
> assumptions to get anywhere.

Ok, we'll "assume" that HP-UX is an inherently insecure OS, then :-).

> back to our concrete example: if /tmp is not sticky, Evil User can
> simply replace our super-secure /tmp/kde-<Good User>. and i guess you'll
> agree that it is not possible to operate on a directory through a file
> handle (at least in a portable way, that is).

Regardless, the point, and apparent agreement in this thread, is that 
it's silly to rely on this form of security when there is a secure 
alternative that isn't susceptible to this issue.

-- 
Matthew
Disadvantage: Bad Puns [-5]
You constantly utter puns so egregious as to cause mental distress to 
anyone hearing them. This can, however, be used to distract enemies.
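The condition this exchange turns on, as an added example that is not part of the thread and not KDE code: a check that refuses a `/tmp/kde-<user>`-style directory when its parent is writable by others without the sticky bit, or when the directory itself is a symlink, owned by someone else, or open to group/other. `check_user_tmpdir` and the verdict names are hypothetical, and POSIX `stat`/`lstat` are assumed.

```c
/* Added example: audit a per-user temp directory before trusting it.
 * All names here are hypothetical; this is not KDE's implementation. */
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

enum tmpdir_verdict {
    TMPDIR_OK,
    TMPDIR_STAT_FAILED,
    TMPDIR_PARENT_UNSAFE, /* others can rename or delete entries in parent */
    TMPDIR_NOT_A_DIR,     /* symlink or other non-directory */
    TMPDIR_WRONG_OWNER,
    TMPDIR_TOO_OPEN       /* group/other permission bits set */
};

enum tmpdir_verdict check_user_tmpdir(const char *parent, const char *dir)
{
    struct stat p, d;

    if (stat(parent, &p) != 0 || !S_ISDIR(p.st_mode))
        return TMPDIR_STAT_FAILED;
    /* The parent must belong to root or to us ... */
    if (p.st_uid != 0 && p.st_uid != geteuid())
        return TMPDIR_PARENT_UNSAFE;
    /* ... and if group- or world-writable it must be sticky; otherwise any
     * later check of dir is racy, because dir can be swapped afterwards. */
    if ((p.st_mode & (S_IWGRP | S_IWOTH)) && !(p.st_mode & S_ISVTX))
        return TMPDIR_PARENT_UNSAFE;
    /* lstat, not stat: a symlink planted at this name must not be followed. */
    if (lstat(dir, &d) != 0)
        return TMPDIR_STAT_FAILED;
    if (!S_ISDIR(d.st_mode))
        return TMPDIR_NOT_A_DIR;
    if (d.st_uid != geteuid())
        return TMPDIR_WRONG_OWNER;
    if (d.st_mode & (S_IRWXG | S_IRWXO))
        return TMPDIR_TOO_OPEN;
    return TMPDIR_OK;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s PARENT DIR\n", argv[0]); return 2; }
    enum tmpdir_verdict v = check_user_tmpdir(argv[1], argv[2]);
    printf("verdict=%d\n", (int)v);
    return v == TMPDIR_OK ? 0 : 1;
}
```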




