Subject: [ecasound] tempfile creation
From: Kai Vehmanen (k@eca.cx)
Date: Thu Mar 22 2001 - 22:17:19 EET
The biggest change in the 1.9dev5 and 0.3dev6 dev releases is
the new tempfile creation scheme. Hopefully this will take care of the
known security problems of ecasound's and ecawave's use of tmpnam().
If you find any vlnerabilities or other problems in the new system,
your input is much appreciated.
Shortly put, in the new system, tempfile creation goes like this:
1) get the tmp-prefix ($TMPDIR -> $TMP -> "/tmp")
2) a new subdirectory is created (in this case, either
$TMPDIR/ecasound-user or $TMPDIR/ecawave-user), using
mkdir() and file permissions set to 0700
3) we double check the newly created directory; file
type (no symlinks or regular files), file permissions
(only the user must have acces), euid and egid are
checked
4) tempfile are created in this directory
a) either static files like ecawave-user/clipboard.wav
b) semi-unique files identiefied by PID and
a running index
5) when exiting, if all tempfiles were properly removed, also
the directory is removed
... if any of the checks fail in (3), no tempfiles are created,
and ecasound/ecawave issues a warning to the user.
Now to test the above, here's a list of temmpfile uses in ecasound and
ecawave:
ecasound:
- cs-edit
- .ogg input
ecawave:
- the cut/copy/paste clipboard file (the new default is
$TMPDIR/ecawave-user/clipboard.wav)
- when editing new, unsaved files (open a new session and
paste from the clipboard)
- the cut event - ecawave stores the cut-tail into
a tempfile before concatenating the head and tail parts
-- http://www.eca.cx Audio software for Linux!-- To unsubscribe send message 'unsubscribe' in the body of the message to <ecasound-list-request@wakkanet.fi>.
This archive was generated by hypermail 2b28 : Thu Mar 22 2001 - 22:28:14 EET