Re: NSTemporaryDirectory() and security
Re: NSTemporaryDirectory() and security
- Subject: Re: NSTemporaryDirectory() and security
- From: Ryan Britton <email@hidden>
- Date: Tue, 1 May 2007 15:44:56 -0700
As a quick follow-up, that's a snippet from a wrapper class that
handles creating and removing a temporary scratch directory. The
default base path is NSTemporaryDirectory().
From -init:
[self setScratchBasePath:NSTemporaryDirectory()];
On May 1, 2007, at 3:43 PM, Ryan Britton wrote:
NSTemporaryDirectory() in its current incarnation does NOT return /
tmp. It returns a directory that is accessible solely by the
user. On my system it's /private/var/tmp/folders.501/TemporaryItems/.
That said, I typically take it one step further: mkdtemp(). For
example:
NSString *tempPath = [[self scratchBasePath]
stringByAppendingPathComponent:@"Scratch Folder.XXXXXX"];
char pathChars[PATH_MAX + 1];
pathChars[PATH_MAX] = 0;
[tempPath getFileSystemRepresentation:pathChars maxLength:
(PATH_MAX + 1)];
char *result = (char *) mkdtemp(pathChars);
if (result != pathChars) //Error
{
NSLog(@"Bad result");
//Do something
}
tempPath = [[NSFileManager defaultManager]
stringWithFileSystemRepresentation:pathChars length:strlen
(pathChars)];
if (!tempPath)
{
NSLog(@"Unable to parse path");
//Do something
}
On May 1, 2007, at 1:40 PM, Steven W Riggins wrote:
The gist I got from the original email is that whoever he works
for thinks that sticking sensitive temp files in /tmp is a
security risk to those files being exposed so they locked down /tmp.
Unless I read it wrong?
Steve
On May 1, 2007, at 12:59 PM, Chris Parker wrote:
On May 1, 2007, at 11:50 AM, Rosyna wrote:
You can use FSFindFolder() to get the temp directory for the
user's specific domain.
On Tiger, NSTemporaryDirectory() calls FSFindFolder() and returns
a path appropriate for use by applications wishing to store
temporary files for the calling user.
The directory has appropriate permissions which prevent anyone
other than the user from futzing around in the directory, which
addresses the race issue most security people have with just
writing files in world-writeable locations.
As Rosyna notes below, don't sequester this path off someplace
and keep using it - the path may change from release to release.
.chris
Note the folder returned by this has changed drastically between
Mac OS X releases, so never, ever store paths.
Ack, at 5/1/07, Jaime Magiera said:
However, there is a security issue, in the eyes of some, that
writing to /tmp is bad. So, they have it cordoned off on their
systems. Another issue would be if a user was rendering content
that they didn't want other users (such as those logged via
SSH) to see.
--
Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug
Unsanity: Unsane Tools for Insanely Great People
It's either this, or imagining Phil Schiller in a thong.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
40geeksrus.com
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden