Hi!

> 1) Check that /tmp/mc-$USER is ours. I think if I do stat() and it says
> that I'm the owner, no adversary will be able to replace the directory.

lstat() instead of stat() will be okay. stat() can be bad if someone else owns a symlink which points to a file of yours, and in the next moment he removes/alters that symlink. Again, portability issues... I'm afraid lstat() is not available everywhere :(

> If /tmp/mc-$USER is ours, set proper permissions (700) on it if necessary
> and use it. Note that the files inside that directory still have random
> names.
>
> 2) If that fails, warn the user and create a directory under /tmp with a
> random name e.g. /tmp/mc-$USER-$RANDOM. If that works, schedule the
> directory for removal using g_atexit (portable atexit from glib) and use
> the directory.
>
> 3) If that fails, warn the user, set temporary directory to NULL and
> continue, but deny any requests to create temporary files.

This is okay, provided that you try many random filenames in step 2, not just one or two. In this case step 3 will only be reached under very rare circumstances (really hard spoofing by someone else or some setup problem with /tmp).

bye,

Egmont
_______________________________________________
Mc-devel mailing list
[EMAIL PROTECTED]
http://mail.gnome.org/mailman/listinfo/mc-devel
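The three steps discussed in this message, as an added C example that is not part of the original e-mail or of mc's code: an lstat() ownership check, a fallback that retries random names, and a final refusal. The names `dir_is_ours` and `pick_tmpdir`, the `base` parameter, the limit of 100 attempts, creating the directory when it is absent, and the use of random() are assumptions; the g_atexit cleanup is left out.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Step 1: use the path only if lstat() reports a real directory (not a
 * symlink) owned by us; tighten it to 0700 if needed. */
static int dir_is_ours(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) || st.st_uid != getuid())
        return 0;
    return (st.st_mode & 07777) == 0700 || chmod(path, 0700) == 0;
}

/* Returns 1 (step 1: base/mc-USER used), 2 (step 2: random-named fallback
 * created) or 0 (step 3: out is empty, caller must refuse temp files). */
int pick_tmpdir(const char *base, const char *user, char *out, size_t len)
{
    snprintf(out, len, "%s/mc-%s", base, user);
    if (mkdir(out, 0700) == 0 || (errno == EEXIST && dir_is_ours(out)))
        return 1;
    srandom((unsigned)getpid() ^ (unsigned)time(NULL)); /* weak seed, illustration only */
    for (int i = 0; i < 100; i++) {          /* many attempts, not one or two */
        snprintf(out, len, "%s/mc-%s-%08lx", base, user, (unsigned long)random());
        if (mkdir(out, 0700) == 0)           /* atomic: fails with EEXIST on any existing name */
            return 2;
        if (errno != EEXIST)
            break;                           /* setup problem with base, give up */
    }
    out[0] = '\0';
    return 0;
}

int main(void)
{
    char dir[4096];
    const char *user = getenv("USER");
    int step = pick_tmpdir("/tmp", user ? user : "unknown", dir, sizeof dir);
    printf("step %d: %s\n", step, step ? dir : "(no temporary files)");
    return step ? 0 : 1;
}
```

The fallback does not depend on the name being unguessable for safety against a planted entry, because mkdir() never follows or reuses an existing name, symlinks included; predictable names only make it easier for someone to force step 3.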