From: Wolfgang W. <wol...@di...> - 2024-10-08 13:50:15
|
I like the solution suggested by Andrew as well. This should allow an easy transition of existing code without sacrificing security. Am 07.10.24 um 17:59 schrieb Andrew Piskorski: > On Mon, Oct 07, 2024 at 12:54:32PM +0200, Gustaf Neumann (sslmail) wrote: > >> However, there are many cases, where existing programs use "ns_mkstemp", which cannot be replaced easily. When looking at OpenACS, I see 33 cases like >> >> - the temporary name is passed to an external program (e.g. "tar", "zip", image creation), or >> - the temporary name is passed to a Tcl function expecting a filename (e.g. "file copy"). > Interesting. It sounds like are no 100% good solutions for this, and > in fact there CAN'T be. > >> - Call the safe function (e.g. mkstemp()) and delete the file, while >> producing a depreciation message? This could also be done on the Tcl-level. > I guess so. Probably with a switch to control whether the file is > created and remains (new-style behavior), or gets quickly deleted > (more fully backward compatible). > > I'd lean towards turning ns_mktemp into a wrapper around Tcl's "file > tempfile". That calls TclUnixOpenTemporaryFile() and thus mkstemp() > or mkstemps(), but it looks like Tcl has already done the necessary > work to easily make the wrapper backwards compatible with the > old-style ns_mktemp. And having the compatibility wrapper in Tcl > instead of C makes it a lot easier for NaviServer users to adjust it > to their own needs if necessary. > |