Re: deleting content of /tmp
On 24.03.07 23:25, Ron Johnson wrote:
> Apparently so. :(
>
> tmpfile()
> Return a new file object opened in update mode ("w+b").
> The file has no directory entries associated with it and
> will be automatically deleted once there are no file
> descriptors for the file. Availability: Macintosh, Unix,
> Windows.
>
> What I meant was os.tempnam(). Which the documentation indicates is
> vulnerable to symlink attacks.

...just because it does have a directory entry. And that's why passing an
open file without links is not vulnerable.

> Not being able to exclusively lock a file is a definite weakness.

Well, even if you were able to exclusively lock a file, using such files
is an easy and effective way to get some security.

> Enterprise OSs give you much richer file semantics. But... they're
> heavier and slower.

Which OSes are you talking about?

Ron, please stop it. This is an old, simple and safe strategy, definitely not
a bug. The fact you don't understand it does not mean it's bad.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Honk if you love peace and quiet.
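
The distinction argued in this thread, as an added example that is not part of the original messages: a file with no directory entry has no name that can be pre-planted, while a name chosen before the open (as `os.tempnam()` does) is only safe when created with `O_CREAT | O_EXCL`. The function names and file names below are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile


def anonymous_link_count():
    """Link count of a tmpfile()-style file: 0 means no directory entry exists."""
    with tempfile.TemporaryFile() as f:
        return os.fstat(f.fileno()).st_nlink


def name_based_creation(workdir):
    """Create a file at a name that already exists as a symlink.

    Returns (excl_refused, victim_content): whether O_EXCL refused the name,
    and what a plain open() left behind in the file the symlink points to.
    """
    victim = os.path.join(workdir, "victim.txt")    # constructed stand-in for another file
    with open(victim, "w") as f:
        f.write("original")

    name = os.path.join(workdir, "predictable.tmp")  # name picked before the open
    os.symlink(victim, name)                         # the name is taken in the meantime

    # Hardened form: O_CREAT|O_EXCL fails if the name exists, symlink or not.
    try:
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        os.close(fd)
        excl_refused = False
    except FileExistsError:
        excl_refused = True

    # Weak form: a plain open follows the symlink and truncates the target.
    with open(name, "w") as f:
        f.write("temp data")
    with open(victim) as f:
        victim_content = f.read()
    return excl_refused, victim_content


if __name__ == "__main__":
    print("link count of anonymous file:", anonymous_link_count())
    with tempfile.TemporaryDirectory() as d:     # private directory, nothing outside it is touched
        print("O_EXCL refused, victim now contains:", name_based_creation(d))
```

`tempfile.mkstemp()` applies the same `O_EXCL` creation and returns the open descriptor, which is the usual replacement when a named temporary file is required.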