Markus Steinborn <gnugv_maintai...@yahoo.de> wrote:
> vail.sz...@sydney.edu.au schrieb:
Surely you meant paul.sz...@sydney.edu.au .
>> I wrote a while ago:
>>
>>> I slightly wonder about the writing of the tmp file
>>> open("/tmp/gv_random_some.pdf.tmp", O_WRONLY|O_CREAT|O_TRUNC, 0666)
>>> from within gs (no O_EXCL so would follow a symlink allowing clobber).
>>>
>> It is not for gs to verify the security of the tmp file passed as
>> argument (it cannot do that), but gv should pre-create the file in
>> a safe way.
>
> I cannot find a problem there. GNU gv creates the file as follows:
>
> (ps.c, psscan()): filename_dsc=file_getTmpFilename(NULL,filename_raw);
> where getTmpFilename itself uses mkstemp to create the file (assuming
> mkstemp is available on your system, which is the case on GNU/Linux).
> Have verified that the permissions are 600 after getTmpfilename().
Sorry, but my ltrace or strace shows otherwise: gv does NOT use mkstemp,
gv does NOT open the file but gs does. (Thankfully gv seems to set a sane
"umask 077" before invoking gs.)
If gv used mkstemp as you say, opening and pre-creating the file as I
suggested, then things would be "right".
Cheers, Paul
Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
