On Tue, 2012-10-09 at 17:46 -0400, Yaroslav Halchenko wrote: > On Tue, 09 Oct 2012, Albert Chu wrote: > > > > The default location for this library's debug dumps is /tmp. I > > > > admittedly chose it somewhat at random, it just felt like a decent > > > > location. > > > my take on it (Dave might clarify what intention he had) was -- security > > > precaution since wouldn't it allow an attack vector via symlinks to > > > root-owned precious files? (e.g. an evil attacker might ln -s > > > /etc/whateverimportant /tmp/ipmiconsole_debug) so then naive run of the > > > ipmiconsole as root would render that file "broken" > > Makes sense, I could see that. > > > > > I guess ideally --debug should just take a filename as an argument... ? > > The --debug output in the ipmiconsole tool outputs dumps to stderr. > > ah ;) > > > Hmmmm. What would be the best thing to do? I'm actually liking the idea > > of dumping to the current working directory, so that it's the > > responsibility of the developer to know what they are doing with this > > option. > > and you are the boss here -- then O_EXCL should still be kinda useful > to preclude those evil acts as far as I see it -- the "developer" might > end up in /tmp after some wonder-abouts ;) > > alternatively -- debug output filename could make use of mkstemp to > craft a unique filename
Ahhh, never knew of mkstemp before. I'll have to add that to memory :P I was just thinking of adding a PID to the filename, so the developer knows which run created the debug dumps. Al -- Albert Chu ch...@llnl.gov Computer Scientist High Performance Systems Division Lawrence Livermore National Laboratory -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
