discuss-gnustep
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNUstep introduces a serious security problem


From: Richard Frith-Macdonald
Subject: Re: GNUstep introduces a serious security problem
Date: Wed, 18 Mar 2009 09:05:57 +0000


On 18 Mar 2009, at 07:34, Tim Kack wrote:

Yes, this seems to that is the case here - I read through some GNU docs as well (not that I do not trust your research Richard!). But since this might be confusing since GNUstep is supposed to be cross platform.
On Windows you get:

'$ ./obj/testFilePerms.exe
2009-03-18 08:31:38.361 testFilePerms[5984] File NSData.m: 1050. In [NSDataMallo c -writeToFile:atomically:] Rename ('C:/tmp/ permissionstestFile.txta04820' to 'C :/tmp/permissionstestFile.txt') failed - The operation completed successfully.

It's a windows-specific bug that behavior there differs, now fixed in svn trunk.

2009-03-18 08:31:38.361 testFilePerms[5984] Failure'

I suggest that we add a line to the documentation that says:

"Depending on which operating system you are using, any existing file might be overwritten regardless of file protection mask".

Logically you would need to place such a warning in the tens (possibly hundreds) of places where something similar can occur. This seems a bit pointless when what you are actually saying is that the method will work as documented subject to normal restrictions placed on it by the operating system. People familiar with POSIX file permissions will expect this behavior anyway if they read the documentation and see that it says the 'atomically' flag means a temporary file will be renamed to replace any existing file.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]