[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: LYNX-DEV LYNX, change temp download dir from /tmp
From: |
T.E.Dickey |
Subject: |
Re: LYNX-DEV LYNX, change temp download dir from /tmp |
Date: |
Fri, 10 Apr 1998 17:49:52 -0400 (EDT) |
> ] that's half the problem (some people think we should use mkstemp rather
> ] than tempnam - though I don't see myself how that would plugthe security
> ] holes).
> ]
> ]
> ] --
> ] Thomas E. Dickey
> ] address@hidden
> ] http://www.clark.net/pub/dickey
>
> tempnam doesn't work since you need to have the right extension on the
> temp file or things don't work right.
>
> mkstemp could be used to fix the race condition (which is still there
> unless TEMP_SPACE (or $LYNX_TEMP_SPACE) != /tmp). You have to do more
from the description of mkstemp, I couldn't see that - there aren't
even any guarantees about the permissions with which the file is opened.
Perhaps you're looking at some documentation that I've not seen (the
Solaris man-page & the X/Open description both are pretty vague).
> stuff than that though. Due to the way that Lynx slings around temp
> files and uses them over again, an approach like I was in the middle
> of taking last summer before I gave up (creating the files safely with
> mode 600, and doing some funky stuff so that the temp name maker knows
> what extension to use) will work. I got the impression that nobody was
I thought my umask/chmod combination is reasonably ok (but someone pointed
out that if the Lynx user is 'root', then the tests aren't appropriate).
Anyway, fixing _that_ should be a matter of making a more sophisticated
chunk of code to replace the contents of OpenHiddenFile - right?
> really interested in it and I was getting busier and busier at work so
> I sort of abandoned it. Should I try again? It is possible to totally
> avoid the race condition as long as the public /tmp has the sticky bit
> set on it, and you're using a machine with "sticky" directory support
> (which is pretty much everything these days).
sounds right - but I don't know how to verify that at configuration time
(i.e., that the sticky-bit actually does something useful).
> Or do people really use TMPDIR and/or LYNX_TEMP_SPACE rather than /tmp?
> In any case, using $TMPDIR instead of $LYNX_TEMP_SPACE is a really
> easy change.
Actually, I mostly ignore $TMPDIR unless I'm on a box where the default
(should be /usr/tmp or /var/tmp ;-), isn't big enough. That happens
occasionally at work, since we have some rather large (>200Mb) server logfiless.
>
> --
> Jonathan Sergent / address@hidden
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, (continued)
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Jason F. McBrayer, 1998/04/07
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, T.E.Dickey, 1998/04/07
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Doug Kaufman, 1998/04/07
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Mark H. Wood, 1998/04/08
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Larry W. Virden, x2487, 1998/04/09
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Larry W. Virden, x2487, 1998/04/07
Re: LYNX-DEV LYNX, change temp download dir from /tmp, Nelson Henry Eric, 1998/04/07
Re: LYNX-DEV LYNX, change temp download dir from /tmp, Jonathan Sergent, 1998/04/10
Re: LYNX-DEV LYNX, change temp download dir from /tmp,
T.E.Dickey <=
Re: LYNX-DEV LYNX, change temp download dir from /tmp, Jonathan Sergent, 1998/04/14