[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] nmh vs mktemp()

From: Peter Maydell
Subject: Re: [Nmh-workers] nmh vs mktemp()
Date: Sun, 06 Apr 2008 00:54:52 +0100

Nick Rusnov wrote:
>On Sat, Apr 05, 2008 at 10:52:05PM +0100, address@hidden wrote:
>> So I think that it might be better to sidestep the whole issue
>> by just having nmh create its temporary files in ~/Mail. Because
>> this directory isn't writable except by the user, there's no
>> danger of malicious attackers creating symlinks in it as there
>> is with putting files in /tmp/. Some work would still be
>> required, but nowhere near as much.
>I have to agree that this is a good solution short of massive code changes. I
>believe that users can currently do this by setting their TEMP variable to a
>directory that they control

Nope. The code hardcodes /tmp/...

>, but a systematic use of a temporary directory specially
>for nmh seems like a good policy. Something like ~/Mail/.temp or some such so 
>not to interfere with a potential folder called temp.

I thought about having these files be in a subdir, but we'd have to create it
(and hope it isn't used by a user for something already), and it just seemed
to me that it would be easier to put it all in ~/Mail. Judging by some of 
the things I have in Mail/ it looks as if mhshow might be putting temp files
there already...

-- PMM

reply via email to

[Prev in Thread] Current Thread [Next in Thread]