Subject: Re: [boost] [filesystem] security questions
From: Walter Landry (wlandry_at_[hidden])
Date: 2009-02-21 12:34:12
Beman Dawes <bdawes_at_[hidden]> wrote:
> On Fri, Feb 20, 2009 at 2:47 PM, Sergei Politov <spolitov_at_[hidden]> wrote:
> > The sample command sequence is:
> > 1) open file
> > 2) check file status (check symlink for instance)
> > 3) process write operation
> > Unfortunately I cannot find a way to do the same using boost::filesystem
> > API.
> I'm having trouble seeing how this is different from what fstream et
> al. do under the covers, unless it is just the check file status you
> are concerned about. Could you provide actual POSIX code for the
> sequence of operations you would like to accomplish?
If I recall correctly, the idea is that a program comes up with a
temporary name. The application then opens the file and passes the
descriptor around. This prevents hostile applications from deleting
that file and creating a symlink in its place.
So the symlink check is to make sure that no one created a symlink
before you could open the file. I suppose that you could check for
symlinks at the same time that you open the file. It feels slightly
less robust, though.
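The open / check-status / write sequence discussed above, as an added POSIX C example that is not code from this thread or from Boost.Filesystem; it assumes a Linux-style /tmp, and the function names, the mkdtemp() directory and the "hello" payload are constructed for the demo. The open uses O_CREAT|O_EXCL|O_NOFOLLOW so an existing file or a planted symlink is refused at the name, and the status check is then done with fstat() on the descriptor rather than stat() on the name, so it cannot be raced.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Steps 1 and 2 of the sequence: create the file without following or
 * reusing anything already at that name, then fstat() the descriptor (not
 * the name) so the status check cannot be raced against the open.
 * Returns the fd, or -1 with errno set. (Constructed example, not Boost.) */
int open_checked_for_write(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;
    struct stat st;
    int err = 0;
    if (fstat(fd, &st) != 0)
        err = errno;
    else if (!S_ISREG(st.st_mode) || st.st_uid != geteuid() || st.st_nlink != 1)
        err = EPERM;            /* not the plain file we just created */
    if (err) {
        close(fd);
        errno = err;
        return -1;
    }
    return fd;
}

/* Constructed demo in a private mkdtemp() directory: one fresh name that
 * passes, one name where a symlink was planted first and must be refused.
 * Step 3 (the write) uses only the descriptor. Returns 0 on success,
 * otherwise the number of the step that failed. */
int demo(void)
{
    char dir[] = "/tmp/fsdemoXXXXXX", good[64], alias[64];
    if (mkdtemp(dir) == NULL) return 1;
    snprintf(good, sizeof good, "%s/data.txt", dir);
    snprintf(alias, sizeof alias, "%s/alias.txt", dir);
    int rc = 0, fd = open_checked_for_write(good);
    if (fd < 0) rc = 2;
    else if (write(fd, "hello\n", 6) != 6) rc = 3;   /* write via the fd, not the name */
    if (fd >= 0) close(fd);
    if (rc == 0 && symlink(good, alias) != 0) rc = 4;
    if (rc == 0 && open_checked_for_write(alias) != -1) rc = 5; /* must be rejected */
    unlink(alias); unlink(good); rmdir(dir);
    return rc;
}
```

Passing the returned descriptor around instead of the name is what keeps later operations bound to the file that was checked.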
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk