[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Duplicity-tracker] [bug #21686] NcFTPGet 3.2.0 tempfile incompatibility
From: |
Peter Schuller |
Subject: |
[Duplicity-tracker] [bug #21686] NcFTPGet 3.2.0 tempfile incompatibility with Duplicity 0.4.6 |
Date: |
Sat, 01 Dec 2007 07:37:52 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; FreeBSD amd64; en-US; rv:1.8.1.8) Gecko/20071030 Firefox/2.0.0.8 |
Follow-up Comment #6, bug #21686 (project duplicity):
So the easiest fix to implement I think would be to change the top-level to
securely create a temporary directory, and then modify tempfile.tempfile to
point to that new directory. On SystemExit or normal return, the directory is
rmdir():ed. (The atexit module cannot be used because it will not work when
the interpreter is killed by a signal)
This is an easy fix, but in some ways less nice since it means the individual
backens are still insecure, relying on top top-level appropriately nudging the
tempfile creation.
Another version would be to change dup path code to keep a reference counted
securely created temporary directory, and use that.
Opinions?
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?21686>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/