I've just seen the Debian bug about temporary files: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496360
If I understand correctly, what's wrong is to generate a temporary filename and assume that it is available without checking. Then, somebody may figure out what we generate and has a handle on controlling the behavior of the app (change the config, corrupt the logs, put illegal music on air, etc.) It's currently been partly addresses in liGuidsoap. What remains to be done is not to log in /tmp/liguidsoap-PID.log. I presume that it could be done easily using tempfile -- I'll try to do that soon, but it annoys me to maintain lig. Concerning liquidsoap itself, there is no such flaw, as far as I can see. Currently temporary files are used by default only for protocol resolutions, i.e. when downloading (http) or synthesizing (say) a file. In these cases Filename.temp_file is used, and it does provide a new, unused, file. Cheers, David ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Savonet-devl mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/savonet-devl
