[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packaging automation - separation of 'debian/' directory



Bas Wijnen <wijnen@debian.org> wrote:

> Also, someone noted that this script is vulnerable to a symlink attack in
> /tmp.  I haven't found a good solution for that though, because I want to have
> a reachable build tree under a "normal" name, where I can see what all the
> files look like.

If you *create* a *directory* in /tmp, it should be safe, because mkdir
will fail if a symlink with the same name already exists. And when the
temporary directory is created with the appropriate permissions[1],
noone can fiddle with it.

If you are in this case, please quote the relevant piece of code and the
objection that "someone" made about this code.


  [1] mkdir(1) supports --mode, as does the mkdir(2) system call with
      its second argument, to avoid a race condition.

-- 
Florent



Reply to: