[MERGE] OSX's mkdtemp assigns wrong group by default
guillo.gonzo at gmail.com
Sun Aug 31 20:28:19 BST 2008
On Sun, Aug 31, 2008 at 4:04 PM, John Arbash Meinel
<john at arbash-meinel.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Guillermo Gonzalez wrote:
>> I wasn't aware of possible security holes related to this, at the time
>> I added it.
>> I'm thinking that a possible solution, to avoid conditionals in the
>> tests, could be adding an argument to osutils.mkdtemp, i.e:
>> This would allow a specific test to override uid/guid, and also
>> keeping the current behaviour in all other test.
> So, the only places where bzr now creates temp files outside the test suite is:
> 1) btree code, when spilling extra pages to disk. (Uses NamedTemporaryFile)
> 2) TransformPreview, uses mkdtemp to save a place to work in, I think because
> it doesn't want to pollute .bzr/checkout/limbo (especially as it can do
> multiple stacking of previews, at least, Aaron *wants* to do that.)
> 3) diff.py, uses mkstemp to spawn an external tool, and mkdtemp to build up a
> full tree, to then give to an external tool
> 4) bzrlib.remote, uses tempfile.NamedTemporaryFile to spool the result of
> GetRepositoryTarball, though that code path is no longer actively used. (Also
> used mkdtemp during *creation* of said tarball.)
> so the (2) and (4) are using mkdtemp() in such a way that someone could
> possibly inject bogus data into it if we weren't careful. chown(getgid())
> doesn't seem particularly dangerous, since it has the access rights of the
> current process. It just doesn't seem specifically necessary.
I get a more clear picture now.
Thanks for the detailed feedback.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> -----END PGP SIGNATURE-----
Also after Vincent comentss on how far away from the test the mkdtemp
calls are. I see my idea falls apart :)
More information about the bazaar