[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] tmp file cleanup
From: |
David Levine |
Subject: |
Re: [Nmh-workers] tmp file cleanup |
Date: |
Mon, 20 Jan 2014 00:27:20 -0500 |
> But my underlying concern with allowing a relative mhpath surrounds
> taking advantage of $HOME leakage/confusion in the event you managed
> to get something to call an MH command with elevated privileges.
> I.e. $HOME != getpwuid(geteuid())->pw_dir. With absolute paths,
> this is never an issue.
Note that nmh already checks to see if a setuid or setgid
had succeeded, and in that case won't use the environment
variables (and instead will just put tmp files in the MH
Path directory):
/* Ignore envvars if we are setuid */
if ((getuid()==geteuid()) && (getgid()==getegid())) {
/* use first non-null of MHTMPDIR, TMPDIR, or TMP */
...
}
> > If it is .. or .., or starts with ./ or
> > ../, then it's relative to the current working directory.
(Off-this-topic experiment: my first message with that text
got incorrectly converted to 8-bit. I'll run this through
mhbuild to show that the C-T header prevents that.)
David
- Re: [Nmh-workers] tmp file cleanup, (continued)
- Re: [Nmh-workers] tmp file cleanup, Jon Steinhart, 2014/01/19
- Re: [Nmh-workers] tmp file cleanup, Lyndon Nerenberg, 2014/01/19
- Re: [Nmh-workers] tmp file cleanup, David Levine, 2014/01/19
- Re: [Nmh-workers] tmp file cleanup, David Levine, 2014/01/19
- Re: [Nmh-workers] tmp file cleanup, David Levine, 2014/01/19
- Re: [Nmh-workers] tmp file cleanup, David Levine, 2014/01/19
- Re: [Nmh-workers] tmp file cleanup,
David Levine <=
- Re: [Nmh-workers] tmp file cleanup, David Levine, 2014/01/26