To those on gimp-developer: My gripe is that gimp ignores $TMPDIR, the default location is in my home directory which is on a slow NFS mount, and specifying /tmp is unsafe. On Mon, Nov 06, 2000 at 08:52:46AM -0800, Ben Gertzfield wrote: > >>>>> "Brian" == Brian Ristuccia <brian@xxxxxxxxxxxxx> writes: > > Brian> I don't think gimp temporary file creation is safe. gimp > Brian> swap files have names like gimpswap.pid that could be > Brian> easily predicted. If someone puts a symlink in /tmp, they > Brian> could trick the user into overwriting files. > > I agree, but since the GIMP installer lets you *choose* where you > put your temp files, you can either pick a safe place like your > homedir, or an unsafe but convenient place like /tmp. > > A patch for safe usage in either /tmp or the homedir would probably > be gladly accepted. :) > Actually, I've come up with a somewhat better idea: * If the entire path exists already, it must be owned by the user running gimp and not writable by others. Otherwise, the next step is tried: * If the location is not writable by the user, an error will occur. * If the location is writable by the user but also writable by others, gimp will create a directory there with an unpredictable name and append it to the temp file path only if the sticky bit is set. Otherwise, an error will occur. * If the last component in the path doesn't exist, it will be created in a safe manner with an unpredictable suffix. If the directory is writable by others, the sticky bit must be set. Otherwise, an error will occur. I'll start working on a patch. -- Brian Ristuccia brian@xxxxxxxxxxxxx bristucc@xxxxxxxxxx
