ASPN ActiveState Programmer Network
ActiveState
/ Home / Perl / PHP / Python / Tcl / XSLT /
/ Safari / My ASPN /
Cookbooks | Documentation | Mailing Lists | Modules | News Feeds | Products | User Groups


Recent Messages
List Archives
About the List
List Leaders
Subscription Options

View Subscriptions
Help

View by Topic
ActiveState
.NET Framework
Open Source
Perl
PHP
Python
Tcl
Web Services
XML & XSLT

View by Category
Database
General
SOAP
System Administration
Tools
User Interfaces
Web Programming
XML Programming
MyASPN >> Mail Archive >> pdk
pdk
Re: Improving the perlapp --tmpdir mechanism
by kenneth other posts by this author
May 15 2009 3:50AM messages near this date
RE: Improving the perlapp --tmpdir mechanism | Re: Improving the perlapp --tmpdir mechanism 
>  No, it would be 700, or 744 at most.  You don't want other users to
>  be able to write to your temp directory; that way they can inject any
>  code they want into your program.
>    
Hmm, I think we have a misunderstanding?

I'm sure the pdk-* dirs placed in the tmp dir root (wherever it is) 
should have something like you describe (even though I'm seeing 755 
here). However, if I perlapp'ed something using '--tmpdir /tmp/foo' I 
would expect it to create 'foo' with something wide open, and *inside* 
that place the protected pdk-* dir(s). If it made 'foo' 700, it would 
defeat it all as only the first user running the app would later be able 
to run it again...

>  All the code implementing this will have to be written in C, might be
>  different for each platform and will be in the part of the code included
>  in every single generated PerlApp.
> 
>  So I definitely don't want to overengineer it, and I'm also wary of
>  introducing potential problems/vulnerabilities for the majority of
>  the users who will never use this mechanism.
>    
Fully understand, and agree.

>  So I thing creating the --tmpdir directory if it doesn't exist makes
>  sense, and maybe allowing to specify an environment variable
>  instead of a static PATH might be reasonable too.  But any kind of
>  cascading fallbacks (if the environment variable isn't set), or
>  a more complex variable substitution sublanguage, or setting different
>  mode bits etc are all too much complicated.
>    
After some thought, I actually think you could keep everything else 
intact and just add the capability of creating a missing dir. Assuming 
you don't see a big problem, hardwiring the behavior of 'create if 
missing with mode 777' would probably be quite adequate. Skip the idea 
of using another envvar, I don't think it gives enough value.

I guess that it could be worthwhile to add some incantation to turn on 
that behavior as people using --tmpdir today wouldn't expect it. In the 
spirit of -bind, perhaps something like:

    perlapp --tmpdir /tmp/foo[createifnotexists] ...

or something similar, I'm sure you can come up with something less 
unwieldy :-), but that would allow future expansion if someone ever 
comes up with a plausible and acceptable need for something even more 
complicated.

ken1
_______________________________________________
PDK mailing list
PDK@[...].com
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
Thread:
kenneth
David Kaufman
Jan Dubois
kenneth
Jan Dubois
kenneth
Jan Dubois
kenneth
Terris Linenbach

Privacy Policy | Email Opt-out | Feedback | Syndication
© ActiveState Software Inc. All rights reserved