Re: NSTemporaryDirectory() and security
Re: NSTemporaryDirectory() and security
- Subject: Re: NSTemporaryDirectory() and security
- From: "stephen joseph butler" <email@hidden>
- Date: Tue, 1 May 2007 13:26:14 -0500
On 5/1/07, stephen joseph butler <email@hidden> wrote:
On 5/1/07, Jaime Magiera <email@hidden> wrote:
> However, there is a security issue, in the eyes of some, that writing
> to /tmp is bad. So, they have it cordoned off on their systems.
> Another issue would be if a user was rendering content that they
> didn't want other users (such as those logged via SSH) to see.
>
> What are the options/suggestions for tmp file writing that is secure
> but also follows Apple's guidelines? What are other folks doing?
As far as I know, mkstemp() is what you're supposed to use (man 3
mkstemp). You can take the returned FD and wrap it in an NSFileHandle
for convenience.
Actually, here's a quick category that should work (untested):
#include <unistd.h>
#import <Foundation/Foundation.h>
@interface NSFileHandle (NSFileHandleSecureTemp)
+ (NSFileHandle*) fileHandleWithTemporaryFile:(NSString*)template;
@end
@implementation NSFileHandle (NSFileHandleSecureTemp)
+ (NSFileHandle*) fileHandleWithTemporaryFile:(NSString*)template
{
char * cTemplate = NULL;
int fd = -1;
NSFileHandle *rv = nil;
NSParameterAssert( template != nil );
cTemplate = strdup( [template fileSystemRepresentation] );
fd = mkstemp( cTemplate );
free( cTemplate ); cTemplate = NULL;
if (fd != -1)
rv = [[[NSFileHandle alloc] initWithFileDescriptor:fd
closeOnDealloc:YES] autorelease];
return rv;
}
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden