Re: NSTemporaryDirectory() and security
- Subject: Re: NSTemporaryDirectory() and security
- From: Ryan Britton <email@hidden>
- Date: Tue, 1 May 2007 15:43:09 -0700
NSTemporaryDirectory() in its current incarnation does NOT return
/tmp. It returns a directory that is accessible solely by the user.
On my system it's /private/var/tmp/folders.501/TemporaryItems/.
That said, I typically take it one step further: mkdtemp(). For
example:
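    // Needs <unistd.h> (mkdtemp), <limits.h> (PATH_MAX) and <string.h> (strlen).
    NSString *tempPath = [[self scratchBasePath]
        stringByAppendingPathComponent:@"Scratch Folder.XXXXXX"];
    char pathChars[PATH_MAX + 1];
    pathChars[PATH_MAX] = 0;
    // Returns NO if the path does not fit or cannot be represented.
    if (![tempPath getFileSystemRepresentation:pathChars
                                     maxLength:(PATH_MAX + 1)])
    {
        NSLog(@"Unable to convert path");
        //Do something
    }
    // mkdtemp() fills in the XXXXXX in place and creates the directory
    // with mode 0700; it returns NULL on failure.
    char *result = mkdtemp(pathChars);
    if (result != pathChars) //Error
    {
        NSLog(@"Bad result");
        //Do something
    }
    // Convert the path mkdtemp() actually created back to an NSString.
    tempPath = [[NSFileManager defaultManager]
        stringWithFileSystemRepresentation:pathChars
                                    length:strlen(pathChars)];
    if (!tempPath)
    {
        NSLog(@"Unable to parse path");
        //Do something
    }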
On May 1, 2007, at 1:40 PM, Steven W Riggins wrote:
The gist I got from the original email is that whoever he works for
thinks that sticking sensitive temp files in /tmp is a security
risk to those files being exposed so they locked down /tmp.
Unless I read it wrong?
Steve
On May 1, 2007, at 12:59 PM, Chris Parker wrote:
On May 1, 2007, at 11:50 AM, Rosyna wrote:
You can use FSFindFolder() to get the temp directory for the
user's specific domain.
On Tiger, NSTemporaryDirectory() calls FSFindFolder() and returns
a path appropriate for use by applications wishing to store
temporary files for the calling user.
The directory has appropriate permissions which prevent anyone
other than the user from futzing around in the directory, which
addresses the race issue most security people have with just
writing files in world-writeable locations.
As Rosyna notes below, don't sequester this path off someplace and
keep using it - the path may change from release to release.
.chris
Note the folder returned by this has changed drastically between
Mac OS X releases, so never, ever store paths.
Ack, at 5/1/07, Jaime Magiera said:
However, there is a security issue, in the eyes of some, that
writing to /tmp is bad. So, they have it cordoned off on their
systems. Another issue would be if a user was rendering content
that they didn't want other users (such as those logged via SSH)
to see.
--
Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug
Unsanity: Unsane Tools for Insanely Great People
It's either this, or imagining Phil Schiller in a thong.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
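The mkdtemp() approach from the first message of this thread, as an added plain-C example that is not code from any poster: it goes one step further by checking the ownership and mode of the directory mkdtemp() returns and by creating files inside it with O_EXCL and O_NOFOLLOW. The function names and the TMPDIR fallback are assumptions; on Mac OS X the base path would be the value NSTemporaryDirectory() returns on that run.

```c
#define _XOPEN_SOURCE 700   /* expose mkdtemp/lstat/O_NOFOLLOW under strict -std */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Added example, not from the thread; function names are hypothetical.
 * Creates "<base>/scratch.XXXXXX" atomically and writes the path to `out`. */
int make_scratch_dir(const char *base, char *out, size_t outlen)
{
    struct stat st;
    int n = snprintf(out, outlen, "%s/scratch.XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen)
        return -1;                       /* truncated template: refuse */
    if (mkdtemp(out) == NULL)
        return -1;                       /* on success the dir has mode 0700 */
    /* Confirm the result: a real directory, ours, no group/other bits. */
    if (lstat(out, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        rmdir(out);
        return -1;
    }
    return 0;
}

/* Creates a new 0600 file in `dir`. Fails if the name exists (O_EXCL),
 * is a symlink (O_NOFOLLOW), or contains a path separator. Returns fd or -1. */
int create_scratch_file(const char *dir, const char *name)
{
    char path[PATH_MAX];
    int n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (strchr(name, '/') || n < 0 || (size_t)n >= sizeof path)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

int main(void)
{
    char dir[PATH_MAX];
    const char *base = getenv("TMPDIR");   /* constructed input for the demo */
    if (make_scratch_dir(base ? base : "/tmp", dir, sizeof dir) != 0)
        return 1;
    int fd = create_scratch_file(dir, "render.dat");
    printf("scratch dir: %s, fd: %d\n", dir, fd);  /* caller removes it when done */
    return fd >= 0 ? close(fd) : 1;
}
```

The base path is looked up on every run and only the directory created under it is used, which matches the advice in the thread not to store the temporary path.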