chtaylo3 uttered:

Set the global variable sqlite3_temp_directory to any
directory you want and it tries that directory first.

Ok, fair enough.  But why do you try and open the directory?  Why can  you
just try and create the tmp file there and deal with it if it's not allowed?

I'm asking becuase I have permissions for tmp folders (/tmp, /usr/tmp,
/var/tmp) set at a reasonable:
drwxrwx-wt   4 root   adm    4096 Jul 21 15:18 tmp/

and I'm running an application (trac) as a non-privlidged user.. Pretty
standard so far.   Said user/program therefore is not allowed to read the
entire tmp dir, nor do I want it to.  It is however allowed to create files
and operate on them.  I think that if you just  tried to create the file and
handle exemptions after that (no dir access, file already exists, etc) then
this would work just as well, no?

Of course, an obvious workaround in the mean time is for the author of trac to
go ahead and set the sqlite_temp_directory per your suggestion.


Or you could just fix the permissions on your temp directories. If the files in */tmp are sensitive, they should be protected. The file name themselves should not be sensitive.

I'm not aware of many installations using the permissions you use for temp directories.


Respectfully,
Christopher Taylor



--
    /"\
    \ /    ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
     X                           - AGAINST MS ATTACHMENTS
    / \

Reply via email to