D. Richard Hipp wrote:
> Christian Smith wrote:
>
>>> /tmp/ is rwx by anyone
>>> root stats /tmp/tmpdb.root.1072 (pid==1072)
>>> Nonexistent
>>> User ln -s /etc/fstab /tmp/tmpdb.root.1072
>>> root creates /tmp/tmpdb.root.1072
>>> fstab erased.
>>>
>>
>> SQLite wouldn't work like that. It would read the file (which is actually
>> /etc/fstab) and determine that it is not a valid SQLite db. SQLite doesn't
>> just trample over files without verifying that they are in fact valid
>> SQLite databases.
>>
>
> I don't *think* this is a problem. But version 3.1 will contain
> extra security features just to make sure. In particular, it will
> initialize the random number generator used to create temp file
> names from /dev/urandom if available.

If you want to create temporary file names, use mkstemp(3) to create and
open a file, then close it and open it with sqlite3_open().

> I'll carefully audit the code to make sure files that are not valid
> databases are never overwritten. And I might put in code to make sure
> opened databases do not have more than 1 link. (Having an SQLite
> database that is aliased by links (hard or soft) is dangerous in other
> ways, since it no longer has a unique rollback journal filename, and
> hence a hot journal might be missed after a power failure -
> resulting in database corruption.)

wow. :)

--
All content of all messages exchanged herein are left in the Public Domain, unless otherwise explicitly stated.
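The mkstemp-then-open pattern recommended above, written out as an added example that is not part of this thread or of SQLite's own code. The thread is about the C API (sqlite3_open), but the same sequence is shown here with Python's standard library, whose tempfile.mkstemp() wraps mkstemp(3) and whose sqlite3 module wraps the SQLite library, so it runs without extra dependencies. After the O_EXCL create, the code also applies the single-link check Hipp mentions, via fstat on the open descriptor rather than on the path. The second function reproduces the /tmp scenario from the quoted exchange inside a private scratch directory, with constructed file names ("victim" standing in for /etc/fstab, "tmpdb.root.1072" as the predictable name), to show that an O_CREAT|O_EXCL open refuses a pre-planted symlink instead of following it.

```python
import os
import shutil
import sqlite3
import stat
import tempfile


def create_private_temp_db(directory=None):
    """Create an empty temp file safely and return its path.

    tempfile.mkstemp() opens the file with O_CREAT|O_EXCL and mode 0600, so a
    symlink planted at the chosen name makes the open fail (and a fresh random
    name is tried) rather than being followed to the link's target.
    """
    fd, path = tempfile.mkstemp(prefix="tmpdb.", suffix=".sqlite", dir=directory)
    try:
        st = os.fstat(fd)  # inspect the object we actually opened, not the path
        if not stat.S_ISREG(st.st_mode):
            raise RuntimeError("temp file is not a regular file")
        if st.st_nlink != 1:
            raise RuntimeError("temp file is aliased by another hard link")
    except Exception:
        os.close(fd)
        os.unlink(path)
        raise
    os.close(fd)  # hand the name, not the descriptor, to SQLite
    return path


def open_temp_db(path):
    """Open the file SQLite-side; a zero-length file is a valid new database."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE IF NOT EXISTS kv (k TEXT PRIMARY KEY, v TEXT)")
    conn.execute("INSERT OR REPLACE INTO kv VALUES ('owner', 'demo')")
    conn.commit()
    return conn


def temp_db_roundtrip():
    """Create, use and remove a temp database; return (stored value, file mode)."""
    path = create_private_temp_db()
    try:
        conn = open_temp_db(path)
        try:
            (value,) = conn.execute("SELECT v FROM kv WHERE k = 'owner'").fetchone()
            mode = stat.S_IMODE(os.stat(path).st_mode)
        finally:
            conn.close()
    finally:
        os.unlink(path)
    return value, mode


def excl_open_refuses_planted_symlink():
    """Replay the quoted /tmp scenario in a scratch directory (constructed names).

    Returns (refused, victim_intact): whether the O_EXCL create was rejected,
    and whether the symlink's target kept its original contents.
    """
    workdir = tempfile.mkdtemp()
    try:
        victim = os.path.join(workdir, "victim")  # stands in for /etc/fstab
        with open(victim, "w") as f:
            f.write("original contents\n")
        planted = os.path.join(workdir, "tmpdb.root.1072")  # predictable temp name
        os.symlink(victim, planted)
        try:
            fd = os.open(planted, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        except FileExistsError:
            refused = True  # O_EXCL fails on an existing path, symlink included
        else:
            os.close(fd)
            refused = False
        with open(victim) as f:
            victim_intact = f.read() == "original contents\n"
        return refused, victim_intact
    finally:
        shutil.rmtree(workdir)


if __name__ == "__main__":
    print(temp_db_roundtrip())
    print(excl_open_refuses_planted_symlink())
```

The fstat check is done on the descriptor returned by mkstemp so that it describes the inode that was actually created, leaving no window between a path-based stat and the open. Closing the descriptor before sqlite3.connect() follows the advice in the message literally; SQLite then opens the now-existing, owner-only file by name.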