[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NSTemporaryDirectory() and security

Subject: Re: NSTemporaryDirectory() and security
From: "Shawn Erickson" <email@hidden>
Date: Tue, 1 May 2007 11:33:30 -0700
Delivered-to: email@hidden
Delivered-to: email@hidden
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CMscVfsN6gWK0/eirLVqym40NkFZzUibqDl4r11e6GcpJ4ZU76hVaDDrG7qXDN+hozZ5MLf/GXBVd2EXFBc+8zzLpDlpLjL5S4PyEOMkCPsu04kvlyiMrv1s33c3Mj4kudkHkZAMcTMSHT8RT5LWf4PQc3mSv1yP7iaPvK8fGPM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=Xuf4km0QJDEOoLSrIELNs+9ffvJxUgwyscq9GfRrUrkchQicZH8w2qwS3wplokopJpZ9bdwaDYBvMu1GOpILBZ4Jeh7eafDWKqY1kf5U129hwP8w8Z4cQ91fD49YHGwJqqlyVm6oKsEOnCb8f70VXn6XJs9DNZEMf2tJVd+PsYo=

On 5/1/07, Jaime Magiera <email@hidden> wrote:

Good afterevenmorning,

In all of my cocoa document-based applications, I've used
NSTemporaryDirectory() as storage for render files, etc. This seems
to be the suggested method...

http://developer.apple.com/documentation/MacOSX/Conceptual/
BPFileSystem/Articles/WhereToPutFiles.html#//apple_ref/doc/uid/
TP40001411-109669

However, there is a security issue, in the eyes of some, that writing
to /tmp is bad. So, they have it cordoned off on their systems.
Another issue would be if a user was rendering content that they
didn't want other users (such as those logged via SSH) to see.

What are the options/suggestions for tmp file writing that is secure
but also follows Apple's guidelines? What are other folks doing?


You should create an user and application specific directory under the
"tmp" directory returned by the recommend APIs. The name of that
directory should look something like the following
"com.myapplication.bundleid.<user id>" with the possibility of using
mkstemp to generate a non-colliding directory name (aka
"com.myapplication.bundleid.<user id>.NNNN"). The directory should at
least disallow write to "others" and "wheel" and allow the user you
created it for to read, write and search.

drwxr-xr-x   2 serickso  wheel  68B May  1 10:52 3056/

-Shawn
_______________________________________________

Cocoa-dev mailing list (email@hidden)

Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com

Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/cocoa-dev/email@hidden

This email sent to email@hidden

References:
	>NSTemporaryDirectory() and security (From: Jaime Magiera <email@hidden>)

Prev by Date: Re: NSTemporaryDirectory() and security
Next by Date: KVO using threads
Previous by thread: Re: NSTemporaryDirectory() and security
Next by thread: Re: NSTemporaryDirectory() and security
Index(es):
- Date
- Thread

Home