On 06 Oct 2010, at 11:59, Michael Van Canneyt wrote:

> On Wed, 6 Oct 2010, Jonas Maebe wrote:
>
>> Nobody else can steal the file once you have created it, because
>> they won't be the owner nor have the necessary permissions. That is
>> the main security risk and it is solved by this approach. The fact
>> that another process running under your login not using O_EXCL
>> could overwrite it is not an extra security risk (if you have a
>> rogue process running under your login, nothing that you do is safe
>> because it can use ptrace to modify any process in any way it sees
>> fit anyway).
>
> And that is why I think the whole point is hugely exaggerated :-)

It's not, because currently a process from *another* user can
trivially intercept your temporary files. If you have a daemon running
as root, that is a major security concern.

Jonas
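
An added example, not part of the original message and not FPC code: exclusive creation with O_CREAT | O_EXCL and mode 0600, showing that a name already present in the directory (here a symlink) is refused and that a freshly created file belongs only to the caller. The helper names and the /tmp paths are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE          /* mkdtemp(), symlink() */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create path only if no entry of that name exists.
 * With O_CREAT, O_EXCL makes open() fail with EEXIST for an existing file
 * *or* symlink; mode 0600 keeps other users from opening the result. */
int create_private_tmp(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: the chosen name already exists as a symlink.
 * Returns 1 if creation is refused and nothing appears at the link target. */
int planted_name_is_refused(void) {
    char dir[] = "/tmp/exclXXXXXX", link[64], target[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/job.tmp", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    if (symlink(target, link) != 0) return -1;
    int fd = create_private_tmp(link);
    int refused = (fd == -1 && errno == EEXIST);
    int untouched = (stat(target, &st) == -1);  /* link was not followed */
    if (fd != -1) close(fd);
    unlink(link); unlink(target); rmdir(dir);
    return refused && untouched;
}

/* Returns 1 if a fresh name yields a file owned by us with mode 0600. */
int fresh_name_is_private(void) {
    char dir[] = "/tmp/exclXXXXXX", path[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof path, "%s/job.tmp", dir);
    int fd = create_private_tmp(path);
    int ok = fd != -1 && fstat(fd, &st) == 0 &&
             st.st_uid == geteuid() && (st.st_mode & 0777) == 0600;
    if (fd != -1) close(fd);
    unlink(path); rmdir(dir);
    return ok;
}
int main(void) {
    printf("planted name refused: %d\n", planted_name_is_refused());
    printf("fresh file private:   %d\n", fresh_name_is_private());
}
```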