Anyone has time for a unittesting issue?
Andrei Alexandrescu via Digitalmars-d
digitalmars-d at puremagic.com
Sat Oct 1 12:32:08 PDT 2016
On 10/01/2016 03:29 PM, Dicebot wrote:
> On Saturday, 1 October 2016 at 18:24:07 UTC, Andrei Alexandrescu wrote:
>> Granted, no contest. Seems to me we could be a better denizen of said
>> junkyard. What I noticed other apps do is create one directory in /tmp
>> and then place their junk in there. -- Andrei
>
> Yeah, it is both common and "wrong" (considered insecure) :) The problem is
> that it allows one to hijack output from the binary and redirect it
> somewhere else. If the binary is running as a privileged user, it can possibly
> be used as an attack vector.
Understood, thanks.
> Not like this is a real security concern in the dmd case, but guidelines like
> "don't make /tmp/ path predictable" exist exactly so that one can have
> a simple safe default and not worry about possibilities.
This may be a misunderstanding. What I'm saying is to switch from
unpredictable paths rooted in /tmp/ to equally unpredictable paths
rooted in /tmp/.dmd-test-run/.
Thanks,
Andrei
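
Added example, not part of the original message or of dmd's test runner: because the parent name /tmp/.dmd-test-run/ is fixed, another local user can create that entry first, so this sketch verifies the parent before placing an unpredictable directory inside it. The function name private_run_dir, the exception UnsafeTempRoot and the "run-" prefix are assumptions made for illustration.

```python
import os
import stat
import tempfile


class UnsafeTempRoot(Exception):
    """The shared parent directory cannot be trusted."""


def private_run_dir(base="/tmp", name=".dmd-test-run"):
    """Return a fresh, unpredictable directory under base/name.

    The parent name is fixed, so another local user may have created it
    (or a symlink with that name) first. Verify it before using it.
    """
    parent = os.path.join(base, name)
    try:
        os.mkdir(parent, 0o700)   # atomic: fails if anything already exists
    except FileExistsError:
        pass                      # pre-existing entry, checked below

    st = os.lstat(parent)         # lstat: do not follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeTempRoot(f"{parent} is not a real directory")
    if st.st_uid != os.geteuid():
        raise UnsafeTempRoot(f"{parent} is owned by uid {st.st_uid}")
    if st.st_mode & 0o022:
        raise UnsafeTempRoot(f"{parent} is writable by group or others")

    # mkdtemp picks a random name and creates the directory with mode 0700.
    return tempfile.mkdtemp(prefix="run-", dir=parent)


if __name__ == "__main__":
    # Constructed demo: use a scratch base instead of the real /tmp.
    scratch = tempfile.mkdtemp()
    print(private_run_dir(scratch))
```

With the sticky bit set on /tmp, a parent that passes these checks cannot be renamed or replaced by other users afterwards, which is what makes the check-then-use sequence sound.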