[PATCH] Add script to rewrite manifest to workaround lack of parent deltas
Benoit Boissinot
benoit.boissinot at ens-lyon.org
Tue Aug 25 07:21:30 UTC 2009
On Mon, Aug 24, 2009 at 09:57:37PM -0400, Greg Ward wrote:
> On Mon, Aug 24, 2009 at 5:39 PM, Benoit
> Boissinot<benoit.boissinot at ens-lyon.org> wrote:
> >> 1) except tempfile.mktemp() is unsafe and should not be used
> >
> > Not more unsafe than using a chosen prefix.
>
> Huh?? mktemp() is unsafe because there is a race condition: the
> function finds an unused filename and returns it to you. Attacker
> creates file as a symlink to /etc/passwd. Then you open it in
> truncate mode and clobber /etc/passwd. mkstemp() avoids this by
> returning an open file descriptor along with the filename. So how
> does having a known prefix make mkstemp() less secure? (And isn't the
> default prefix -- "tmp" -- even more "known" than a chosen prefix that
> I pass in?)
>
Sorry, I meant suffix. Using mktemp() is not really different than using
00manifest.i.old/00manifest.d.old, is it?
regards,
Benoit
--
:wq
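
An added example, not part of the thread or of the patch under review: it runs the symlink case described in the quoted text inside a private temporary directory and compares a plain truncating open() on a predictable name with an exclusive create and with tempfile.mkstemp(). The file name 00manifest.i.old is taken from the thread; victim.txt, the function names and the POSIX filesystem with symlink support are assumptions.

```python
import os
import tempfile

def naive_write(path, data):
    """Pick a name first, then open in truncate mode (follows symlinks)."""
    with open(path, "wb") as f:
        f.write(data)

def exclusive_write(path, data):
    """Create-or-fail: O_EXCL rejects any existing entry, symlinks included."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)

def read(path):
    with open(path, "rb") as f:
        return f.read()

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for a file that must not be overwritten.
        victim = os.path.join(d, "victim.txt")
        naive_write(victim, b"important")
        # Predictable name (from the thread) already present as a symlink.
        backup = os.path.join(d, "00manifest.i.old")
        os.symlink(victim, backup)

        naive_write(backup, b"manifest backup")
        out["naive_clobbered_victim"] = read(victim) == b"manifest backup"

        naive_write(victim, b"important")  # restore for the next case
        try:
            exclusive_write(backup, b"manifest backup")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["victim_intact"] = read(victim) == b"important"

        # mkstemp() does the exclusive create itself and returns the open fd.
        fd, name = tempfile.mkstemp(suffix=".old", dir=d)
        with os.fdopen(fd, "wb") as f:
            f.write(b"manifest backup")
        out["mkstemp_regular_file"] = (not os.path.islink(name)
                                       and read(name) == b"manifest backup")
    return out

if __name__ == "__main__":
    print(demo())
```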