[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: backup method
From: |
David Kastrup |
Subject: |
Re: backup method |
Date: |
Thu, 03 Feb 2005 10:27:24 +0100 |
User-agent: |
Gnus/5.11 (Gnus v5.11) Emacs/21.3.50 (gnu/linux) |
Richard Stallman <address@hidden> writes:
> Any reason why you didn't use make-temp-file?
>
> make-temp-file creates the file empty. Between that and writing the
> data into it, someone else could delete the file and put in a symlink.
The permissions in world-writable temp directories are almost always
1777 which means that nobody but the owner can delete such a file.
Symlink attacks are only possible when the file name can be guessed by
an outside attacker _before_ the file is created.
It is probably just prehistoric and/or misconfigured systems (and
Windows?) where anybody can delete a file from somebody else in
temporary directories.
--
David Kastrup, Kriemhildstr. 15, 44793 Bochum