On Sat, May 2, 2009 at 5:07 PM, Fritz Anderson <fri...@manoverboard.org> wrote: > For most purposes, it's enough for the plugin to write what it has learned > into /tmp, for one of the scripts to act on.
Do not use /tmp. Use NSTemporaryDirectory, which on Leopard is a user-specific directory. Using /tmp opens up a class of security vulnerabilities that might allow code execution in another user's context. Also, be very careful if you're trying to use temporary files to pass data from a non-privileged to a privileged process. You might introduce a race condition under which a malicious application could escalate its privileges by overwriting the contents of the temporary file between the non-privileged write and the privileged read. --Kyle Sluder _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
