[fpc-pascal] GetTempFileName in Linux
Jonas Maebe
jonas.maebe at elis.ugent.be
Wed Oct 6 12:57:02 CEST 2010
On 06 Oct 2010, at 11:59, Michael Van Canneyt wrote:
> On Wed, 6 Oct 2010, Jonas Maebe wrote:
>
>> Nobody else can steal the file once you have created it, because
>> they won't be the owner nor have the necessary permissions. That is
>> the main security risk and it is solved by this approach. The fact
>> that another process running under your login not using O_EXCL
>> could overwrite it is not an extra security risk (if you have a
>> rogue process running under your login, nothing that you do is safe
>> because it can use ptrace to modify any process in any way it sees
>> fit anyway).
>
> And that is why I think the whole point is hugely exaggerated :-)
It's not, because currently a process from *another* user can
trivially intercept your temporary files. If you have a daemon running
as root, that is a major security concern.
Jonas
More information about the fpc-pascal
mailing list