On Tue, 09 Oct 2012, Albert Chu wrote: > > > The default location for this library's debug dumps is /tmp. I > > > admittedly chose it somewhat at random, it just felt like a decent > > > location. > > my take on it (Dave might clarify what intention he had) was -- security > > precaution since wouldn't it allow an attack vector via symlinks to > > root-owned precious files? (e.g. an evil attacker might ln -s > > /etc/whateverimportant /tmp/ipmiconsole_debug) so then naive run of the > > ipmiconsole as root would render that file "broken" > Makes sense, I could see that.
> > I guess ideally --debug should just take a filename as an argument... ? > The --debug output in the ipmiconsole tool outputs dumps to stderr. ah ;) > Hmmmm. What would be the best thing to do? I'm actually liking the idea > of dumping to the current working directory, so that it's the > responsibility of the developer to know what they are doing with this > option. and you are the boss here -- then O_EXCL should still be kinda useful to preclude those evil acts as far as I see it -- the "developer" might end up in /tmp after some wonder-abouts ;) alternatively -- debug output filename could make use of mkstemp to craft a unique filename -- Yaroslav O. Halchenko Postdoctoral Fellow, Department of Psychological and Brain Sciences Dartmouth College, 419 Moore Hall, Hinman Box 6207, Hanover, NH 03755 Phone: +1 (603) 646-9834 Fax: +1 (603) 646-1419 WWW: http://www.linkedin.com/in/yarik -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
