Hi! Recent snapshots (2002-12-23-17 and similar ones) of mc create the directory /tmp/mc-$USER. (src/utilunix.c: mc_tmpdir())
This is a bad idea, since another user may create this directory with arbitrary permissions and files in it, causing mc to misbehave for me. Whenever a temporary file or directory is used under /tmp or $TMPDIR, the library calls mkstemp() or mkdtemp() should be used. Alternatively, a directory or file under the user's home can be used, but this raises more issues: the file name should contain at least the PID and the hostname, so that two mc's running on different hosts sharing the same home over NFS do not disturb each other. Also it should be taken to account that locking and atomicity might be poor over network filesystems. Large files should not be kept there (because of possible low user quota or low network bandwidth). However, the file created for the -P option might go here for example, but /tmp is good, too. For VFS-created temporary files a directory created by mkdtemp() could be a good solution. Since this directory is only used by one mc process, it should be (recursively) removed when quitting mc. Currently the argument of the -P option is opened with the O_EXCL flag (src/main.c line 2359). This has no problem as long as this file sits under a directory which is guaranteed to be owned by me (as it isn't now), but I don't see any advantages of it as soon as the directory is sure mine. (Currently the directory can be owned by another user, in which case the lack of that O_EXCL flag could let him destroy any of my files (creating a symlink there)). However, that O_EXCL flag does cause some problems. First: I can't use mktemp from the wrapper shell script to create a file that is owned by me and later let mc use that one for its -P option. Second: I can't use /dev/stdout or /dev/stderr there. To summarize all these: temporary directory should be created by mkdtemp(), it should be removed at exit, O_EXCL should IMHO be removed when opening the -P file, the wrapper script should use a file under the user's home, or a file created by the mktemp command. cheers, Egmont Koblinger UHU Linux (Hungarian Linux Distribution) www.uhulinux.hu _______________________________________________ Mc-devel mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/mc-devel
