Re: gdk-pixbuf: no save xpm patch

From: Darin Adler <darin eazel com>
To: Hans Breuer <hans breuer org>, Havoc Pennington <hp redhat com>
Cc: Tor Lillqvist <tml iki fi>, <gtk-devel-list gnome org>
Subject: Re: gdk-pixbuf: *no* save xpm patch
Date: Wed, 01 Nov 2000 09:31:07 -0800

on 11/1/00 9:02 AM, Hans Breuer at hans breuer org wrote:

> At 10:33 01.11.00 -0500, Havoc Pennington wrote:
>> 
>> If you have get_tmp_filename() there's a race condition before you
>> open the file, right?
>> 
> Actually with the Win32 specific implementation there won't be one,
> because GetTempFileName already creates the file and also makes the
> tempfilename unique during one session. (It is simple with short up-times ...)

The race condition is not about having a non-unique file is it? It's about
malicious people substituting another file before you open it. As discussed
in the programming guidelines:

<http://developer.gnome.org/doc/guides/programming-guidelines/security.html>

My only worry about these proposed calls are the lack of clarity about how
long the identifier should be. On arbitrary length filename file systems
this is no issue, but it would be smart to set a limit on the length of the
identifier to make it less likely to be a portability problem.

    -- Darin

References:
- Re: gdk-pixbuf: *no* save xpm patch
  - From: Hans Breuer

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: gdk-pixbuf: *no* save xpm patch

Re: gdk-pixbuf: no save xpm patch