(Forwarded from https://codespeak.net/issue/pypy-dev/issue376)

Begin forwarded message:

From: Armin Rigo <[EMAIL PROTECTED]>

The fact that the directory name is predictable is very useful in various
situations, so it's unlikely that we can be convinced to change that.  I do
see the point that the py lib could be tricked into removing unrelated data
that would happen to have the same name, but I think that we can find other
solutions than unpredictable directory names in order to fix that specific
issue.

An idea would be to put a certain dot-file in the temporary directory when
it is created, and check for it before removing the whole dir later.  If we
want to be paranoid, the dot-file's content should be a random salt followed
by the SHA checksum of ("salt" + "directory-name" +
"constant-py-lib-token"), so that if the content still matches later, it
proves that the directory was really created by the py lib (unless it was
created by a malicious program that contains a copy of the same
"constant-py-lib-token" - but of course it's not possible to prevent a
malicious program run by the same user to do whatever it pleases anyway).

Does this sound acceptable to debian-level security?


-- 
Chris Lamb, UK                                       [EMAIL PROTECTED]
                                                            GPG: 0x634F9A20

Attachment: signature.asc
Description: PGP signature

Reply via email to