On Sun, May 24, 2009 at 5:58 AM, Dave Keck <davek...@gmail.com> wrote:
> I use /tmp. Works great for me - I use it to save temporary files that
> another privileged process then moves to a permanent location. Launchd
> uses it too, along with a host of other things.

Please don't just toss things in /tmp. Launchd doesn't just toss things in /tmp, it creates directories within /tmp, because that's secure (you can't delete empty directories, and the permissions on the directory are set such that only a specific user can modify the directory).

Putting files for inter-process communication in /tmp is not secure. Imagine the following sequence of events:

1. Non-privileged process A running as user Alice creates a file called /tmp/ipc.
2. A signals to privileged process B, running as root, that the file exists.
3. Malevolent process C, running as user Eve, notices the file, unlinks it (which it can do due to the permissions on /tmp) and creates a new one in its place with its own preferred contents.
4. B performs its action on the newly-replaced file contents.

Game over. Eve has used a non-privileged account but has taken advantage of Alice's use of a privileged tool. This is even easier if the path in /tmp is hardcoded.

If you want to pass things between non-privileged and privileged processes, you have quite a few options that don't even involve the filesystem. If you need persistence or some other feature of the filesystem, use NSTemporaryDirectory because it is far more secure than /tmp. If you *must* use /tmp for some reason (not linking against Foundation, etc.) use FSFindFolder. If you can't even use that, then follow launchd's lead and create user-specific non-empty directories in /tmp. Try to pass file descriptors or pipes around whenever possible rather than pointing to paths in the filesystem.

--Kyle Sluder

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)
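
The two fallbacks the message recommends (an owner-only directory under /tmp, and handing over a descriptor instead of a path), as an added example that is not part of the original message. The function names, the `/tmp/ipc-example.XXXXXX` template and the `payload` file name are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Sender: make a uniquely named 0700 directory under /tmp, then create the
 * payload inside it. Returns an open fd (or -1); paths go to dir/file.
 * The template and file name are hypothetical. */
int create_private_payload(char *dir, size_t dlen, char *file, size_t flen)
{
    if (snprintf(dir, dlen, "/tmp/ipc-example.XXXXXX") >= (int)dlen) return -1;
    if (mkdtemp(dir) == NULL) return -1;        /* owner-only directory */
    if (snprintf(file, flen, "%s/payload", dir) >= (int)flen) return -1;
    /* O_EXCL refuses a pre-existing name, O_NOFOLLOW refuses a symlink. */
    return open(file, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* True if path is a real directory owned by uid with no group/other access. */
int dir_is_private(const char *path, uid_t uid)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid && (st.st_mode & 077) == 0;
}

/* Receiver: validate the object behind an already-open descriptor. fstat()
 * inspects the open file itself, so a later swap of the path cannot change
 * what is checked or what is subsequently read. */
int fd_is_expected(int fd, uid_t owner)
{
    struct stat st;
    if (fstat(fd, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_uid == owner && (st.st_mode & 022) == 0;
}

int main(void)
{
    char dir[64], file[96];
    int fd = create_private_payload(dir, sizeof dir, file, sizeof file);
    if (fd < 0) { perror("create_private_payload"); return 1; }
    printf("dir private: %d, fd ok: %d\n",
           dir_is_private(dir, geteuid()), fd_is_expected(fd, geteuid()));
    close(fd);
    unlink(file);
    rmdir(dir);
    return 0;
}
```

A privileged receiver would be handed the descriptor itself (for example over a Unix domain socket) and call `fd_is_expected` with the sender's uid before reading from it.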