From: Michael R. <re...@eu...> - 2004-06-02 05:19:10
Hi Jerry,

> There are a few things you can try, each with their own limitations...
>
> 1. Use mkstemp() to create the filename. With a random filename, it
> becomes much harder for a hacker to misuse the file. I don't know if or
> how you can get the filename for the file created by mkstemp().

I don't want to create the file in the temp directory, but in the same dir as the output file (so that the following rename() call must not copy any data).

> 2. Write the file to a directory owned by root. /tmp can be a bad place
> for secure files because anyone can write to it. Then the rename
> technique would work.

That's not that easy either: I want to write the file the user specifies with the -o option.

But I think I've already fixed this: I'm calling unlink() just before the open() to remove the file if it exists. The open() is called with the O_EXCL flag, which means it will fail if the file existed. As we've unlinked it just before, this should never happen. If it happens, I emit an error and abort.

This looks secure enough to me.

bye, Michael

--
Michael Reinelt          Tel: +43 676 3079941
Geisslergasse 4          Fax: +43 316 692343
A-8045 Graz, Austria     e-mail: re...@eu...
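The mkstemp() variant from the quoted suggestion, applied to Michael's constraint of staying in the output file's directory, as an added C example that is not code from this thread or the project: the template is built beside the target path, mkstemp() writes the chosen name back into the template (which answers how the filename is obtained), and rename() moves the finished file over the output path. The function names and the test paths are assumptions.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Create a temporary file in the same directory as `target`, so the later
 * rename() stays on one filesystem and copies nothing. mkstemp() opens it
 * with O_CREAT|O_EXCL and mode 0600 (never following an existing name or
 * symlink) and overwrites the XXXXXX in `tmppath` with the name it chose,
 * which is how the caller learns the filename. Returns the fd or -1. */
int open_temp_beside(const char *target, char *tmppath, size_t len)
{
    const char *slash = strrchr(target, '/');
    int dirlen = slash ? (int)(slash - target + 1) : 0;  /* keeps the '/' */
    const char *base = slash ? slash + 1 : target;
    int n = snprintf(tmppath, len, "%.*s.%s.XXXXXX", dirlen, target, base);
    if (n < 0 || (size_t)n >= len) return -1;
    return mkstemp(tmppath);
}

/* Write `n` bytes of `data` to `target` via the temporary file and an
 * atomic rename(), so readers see either the old file or the complete new
 * one. Returns 0 on success, -1 on error (the temp file is removed). */
int write_file_atomically(const char *target, const char *data, size_t n)
{
    char tmppath[4096];
    int fd = open_temp_beside(target, tmppath, sizeof tmppath);
    if (fd < 0) return -1;
    for (size_t off = 0; off < n; ) {
        ssize_t w = write(fd, data + off, n - off);
        if (w < 0) { close(fd); unlink(tmppath); return -1; }
        off += (size_t)w;
    }
    if (fsync(fd) < 0) { close(fd); unlink(tmppath); return -1; }
    if (close(fd) < 0 || rename(tmppath, target) < 0) { unlink(tmppath); return -1; }
    return 0;
}

/* Helper for checking the result: reads up to `len` bytes of `target`. */
long read_file(const char *target, char *buf, size_t len)
{
    FILE *f = fopen(target, "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return (long)got;
}
```

The renamed file keeps mkstemp()'s 0600 mode, so an output meant to be readable by others needs an fchmod() on the descriptor before close().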