Markus Steinborn <[email protected]> wrote: > [email protected] schrieb:
Surely you meant [email protected] . >> I wrote a while ago: >> >>> I slightly wonder about the writing of the tmp file >>> open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666) >>> from within gs (no O_EXCL so would follow a symlink allowing clobber). >>> >> It is not for gs to verify the security of the tmp file passed as >> argument (it cannot do that), but gv should pre-create the file in >> a safe way. > > I cannot find a problem there. GNU gv creates the file as follows: > > (ps.c, psscan()): filename_dsc=file_getTmpFilename(NULL,filename_raw); > where getTmpFilename itself uses mkstemp to create the file (assuming > mkstemp is available on your system, which is the case on GNU/Linux). > Have verified that the permissions are 600 after getTmpfilename(). Sorry, but my ltrace or strace shows otherwise: gv does NOT use mkstemp, gv does NOT open the file but gs does. (Thankfully gv seems to set a sane "umask 077" before invoking gs.) If gv used mkstemp as you say, opening and pre-creating the file as I suggested, then things would be "right". Cheers, Paul Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
