Re: LYNX-DEV LYNX, change temp download dir from /tmp

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV LYNX, change temp download dir from /tmp

From:	T.E.Dickey
Subject:	Re: LYNX-DEV LYNX, change temp download dir from /tmp
Date:	Fri, 10 Apr 1998 17:49:52 -0400 (EDT)

>  ] that's half the problem (some people think we should use mkstemp rather 
>  ] than tempnam - though I don't see myself how that would plugthe security 
>  ] holes). 
>  ]  
>  ]  
>  ] -- 
>  ] Thomas E. Dickey 
>  ] address@hidden 
>  ] http://www.clark.net/pub/dickey 
>  
> tempnam doesn't work since you need to have the right extension on the 
> temp file or things don't work right. 
>  
> mkstemp could be used to fix the race condition (which is still there 
> unless TEMP_SPACE (or $LYNX_TEMP_SPACE) != /tmp).  You have to do more  
from the description of mkstemp, I couldn't see that - there aren't
even any guarantees about the permissions with which the file is opened.
Perhaps you're looking at some documentation that I've not seen (the
Solaris man-page & the X/Open description both are pretty vague).

> stuff than that though.  Due to the way that Lynx slings around temp  
> files and uses them over again, an approach like I was in the middle  
> of taking last summer before I gave up (creating the files safely with  
> mode 600, and doing some funky stuff so that the temp name maker knows  
> what extension to use) will work.  I got the impression that nobody was  

I thought my umask/chmod combination is reasonably ok (but someone pointed
out that if the Lynx user is 'root', then the tests aren't appropriate).
Anyway, fixing _that_ should be a matter of making a more sophisticated
chunk of code to replace the contents of OpenHiddenFile - right?

> really interested in it and I was getting busier and busier at work so  
> I sort of abandoned it.  Should I try again? It is possible to totally  
> avoid the race condition as long as the public /tmp has the sticky bit  
> set on it, and you're using a machine with "sticky" directory support  
> (which is pretty much everything these days). 
sounds right - but I don't know how to verify that at configuration time
(i.e., that the sticky-bit actually does something useful).
  
> Or do people really use TMPDIR and/or LYNX_TEMP_SPACE rather than /tmp? 
> In any case, using $TMPDIR instead of $LYNX_TEMP_SPACE is a really  
> easy change. 
Actually, I mostly ignore $TMPDIR unless I'm on a box where the default
(should be /usr/tmp or /var/tmp ;-), isn't big enough.  That happens
occasionally at work, since we have some rather large (>200Mb) server logfiless.
  
>  
> --  
> Jonathan Sergent / address@hidden 


-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey

[Prev in Thread]

Current Thread

[Next in Thread]

Re: LYNX-DEV LYNX, change temp download dir from /tmp, (continued)
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Nelson Henry Eric, 1998/04/07
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Jonathan Sergent, 1998/04/10
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, T.E.Dickey <=
- Re: LYNX-DEV LYNX, change temp download dir from /tmp, Jonathan Sergent, 1998/04/14

Prev by Date: Re: LYNX-DEV LINES & COLS env variables
Next by Date: Re: LYNX-DEV LINES & COLS env variables
Previous by thread: Re: LYNX-DEV LYNX, change temp download dir from /tmp
Next by thread: Re: LYNX-DEV LYNX, change temp download dir from /tmp
Index(es):
- Date
- Thread