Secure Coding mailing list archives
temporary directories
From: leichter_jerrold at emc.com (Leichter, Jerry)
Date: Fri, 29 Dec 2006 18:56:53 -0500 (EST)
| Not on Unix, but I tend to use temporary names based on the Process ID
| that is executing. And of course file protection prevents malevolent
| access.
|
| But for a temporary file, I will specify a file that is not in any
| directory. I presume there is such a capability in Unix.

You presume incorrectly. You're talking about VMS, where you can open a file by file id. The Unix analogue of a file id is an inode number, but no user-land call exists to access a file that way. You can only get to a file by following a path through the directory structure. In fact, all kinds of Unix code would become insecure if such a call were to be added: It's a common - and reasonable - assumption that accessing a file requires access to the (well, a) directory in which that file appears (not that it isn't prudent to also control access to the file itself).

One can argue this both ways, but on the specific matter of safe access to temporary files, VMS code that uses FID access is much easier to get right than Unix code that inherently has to walk through directory trees. On the other hand, access by file id isn't - or wasn't; it's been years since I used VMS - supported directly by higher-level languages (though I vaguely recall that C had a mechanism for doing it). A mechanism that requires specialized, highly system-specific low-level code to do something so straightforward is certainly much better than no mechanism at all, but it's not something that will ever be used by more than a small coterie of advanced programmers.

-- Jerry
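An added illustration, not part of the original message: the usual Unix approximation of "a file that is not in any directory" is to create the file exclusively by path and then remove its only name, leaving the open descriptor as the sole handle. The function names, the `dir` parameter and the `scl-demo-` prefix are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Create a temporary file under `dir` (hypothetical parameter), then
 * remove its only directory entry. Returns an open fd, or -1 on error. */
int open_anonymous_temp(const char *dir)
{
    char path[4096];
    int n = snprintf(path, sizeof path, "%s/scl-demo-XXXXXX", dir);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;

    mode_t old = umask(077);   /* guards libcs that do not force mode 0600 */
    int fd = mkstemp(path);    /* O_CREAT|O_EXCL: fails on a pre-planted name */
    umask(old);
    if (fd < 0)
        return -1;

    /* The path walk has already happened; from here on only the fd is used. */
    if (unlink(path) != 0) {   /* drop the name; inode lives while fd is open */
        close(fd);
        return -1;
    }
    return fd;
}

/* Link count of the open file: 0 means no directory entry refers to it. */
long link_count(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 ? (long)st.st_nlink : -1;
}

int main(void)
{
    int fd = open_anonymous_temp("/tmp");
    if (fd < 0) { perror("open_anonymous_temp"); return 1; }
    printf("links=%ld\n", link_count(fd));
    close(fd);
    return 0;
}
```

The name still exists between `mkstemp` and `unlink`, so creation goes through the directory tree, which is the path dependence the message describes.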