Re: deleting content of /tmp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/24/07 23:07, Paul E Condon wrote:
> On Sat, Mar 24, 2007 at 10:46:08PM -0500, Ron Johnson wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On 03/24/07 22:36, Roberto C. Sánchez wrote:
>>> On Sat, Mar 24, 2007 at 10:33:40PM -0500, Ron Johnson wrote:
>>>> On 03/24/07 22:19, Roberto C. Sánchez wrote:
>>>>> Out of curiousity, why do you say that it is a bad design?
>>>> Destroying something to save it?
>>>>
>>> It seems like it makes perfect sense (in the temporary file case, not in
>>> the destroying a village case). If you know that the operating system
>>> will keep the file data allocated and allow you use the file as normal
>>> until you close it, then why not unlink it? It prevents collisions with
>>> naming
>> That's what, in python syntax, os.tmpfile() is for.
>>
>>> and minimizes a vulnerability.
>> A rich-enough file protection and locking protocol is supposed to
>> handle that for you.
>
> I wonder how the python run-time package actually implements an os.tmpfile
> on a *nix system --- maybe by creating a file and then unlinking it?
Apparently so. :(
tmpfile()
Return a new file object opened in update mode ("w+b").
The file has no directory entries associated with it and
will be automatically deleted once there are no file
descriptors for the file. Availability: Macintosh, Unix,
Windows.
What I meant was os.tempnam(). Which the documentation indicates is
vulnerable to symlink attacks.
Not being able to exclusively lock a file is a definite weakness.
Enterprise OSs give you much richer file semantics. But... they're
heavier and slower.
- --
Ron Johnson, Jr.
Jefferson LA USA
Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGBfmkS9HxQb37XmcRAlPFAJ9bHBWobMPXi9uj+eD+/1culPNCJACfY0qW
EU3XvvbwfeXrP6LWMg/Lkw0=
=GjCc
-----END PGP SIGNATURE-----
Reply to: