Subject: Re: [boost] [filesystem] security questions
From: Walter Landry (wlandry_at_[hidden])
Date: 2009-02-21 12:34:12
Beman Dawes <bdawes_at_[hidden]> wrote:
> On Fri, Feb 20, 2009 at 2:47 PM, Sergei Politov <spolitov_at_[hidden]> wrote:
> > The sample command sequence is:
> > 1) open file
> > 2) check file status (check symlink for instance)
> > 3) process write operation
> >
> > Unfortunately I cannot find a way to do the same using boost::filesystem
> > API.
>
> I'm having trouble seeing how this is different from what fstream et
> al. does under the covers, unless it is just the check file status you
> are concerned about. Could you provide actual POSIX code for the
> sequence of operations you would like to accomplish?
If I recall correctly, the idea is that a program comes up with a
temporary name. The application then opens the file and passes the
descriptor around. This prevents hostile applications from deleting
that file and creating a symlink in its place.
So the symlink check is to make sure that no one created a symlink
before you could open the file. I suppose that you could check for
symlinks at the same time that you open the file. It feels slightly
less robust, though.
Cheers,
Walter Landry
wlandry_at_[hidden]
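The open, check-status, write sequence discussed above, written out in POSIX C so the point about the descriptor is concrete: the symlink check is folded into the open (O_NOFOLLOW plus O_CREAT|O_EXCL refuse to open a pre-planted symlink or any other existing object), and the status check is done with fstat() on the descriptor rather than stat() on the path, because the inode behind an open descriptor cannot be swapped out under the process. This is an added example, not code from the post or from Boost.Filesystem; the helper names create_private_file, verify_fd, write_all and demo_all are my own, the three scenarios are constructed in a fresh temporary directory, and the demo assumes a writable /tmp that supports hard links.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Step 1: open so that anything already at the chosen name makes the call
 * fail instead of being followed. POSIX requires O_CREAT|O_EXCL to fail
 * with EEXIST when the path is a symlink, wherever it points. */
int create_private_file(const char *path) {
    return open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Step 2: check status through the descriptor, not the path. What fstat()
 * reports here is exactly what later writes will touch. Returns 0 when the
 * file is a regular file, owned by us, and reachable by one name only. */
int verify_fd(int fd) {
    struct stat st;
    if (fstat(fd, &st) != 0) return -1;
    if (!S_ISREG(st.st_mode)) return -1;   /* device, FIFO, directory ... */
    if (st.st_uid != getuid()) return -1;  /* someone else's file */
    if (st.st_nlink != 1) return -1;       /* hard-linked under another name */
    return 0;
}

/* Step 3: write through the verified descriptor, never by reopening the path. */
int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Constructed demo: runs three scenarios in a fresh temp directory and
 * returns how many behaved as expected (3 when all checks hold). */
int demo_all(void) {
    char dir[] = "/tmp/openchk.XXXXXX";
    char fresh[64], planted[64], victim[64], hard[64];
    int passed = 0, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(fresh, sizeof fresh, "%s/fresh", dir);
    snprintf(planted, sizeof planted, "%s/planted", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(hard, sizeof hard, "%s/hard", dir);

    /* A: clean name -> create, verify and write all succeed */
    fd = create_private_file(fresh);
    if (fd >= 0 && verify_fd(fd) == 0 && write_all(fd, "data\n", 5) == 0) passed++;
    if (fd >= 0) close(fd);

    /* B: a symlink was planted at the name before we got there -> the open
     * is refused with EEXIST and the link target is never touched */
    if (symlink(victim, planted) == 0) {
        fd = create_private_file(planted);
        if (fd < 0 && errno == EEXIST) passed++;
        else if (fd >= 0) close(fd);
    }

    /* C: a hard link to an existing file at the name -> O_EXCL refuses it,
     * and even a plain non-exclusive open is caught by the nlink check */
    fd = open(victim, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) {
        close(fd);
        if (link(victim, hard) == 0) {
            int excl = create_private_file(hard);
            int excl_errno = errno;
            fd = open(hard, O_RDWR | O_NOFOLLOW | O_CLOEXEC);
            if (excl < 0 && excl_errno == EEXIST && fd >= 0 && verify_fd(fd) != 0) passed++;
            if (excl >= 0) close(excl);
            if (fd >= 0) close(fd);
        }
    }

    unlink(hard); unlink(victim); unlink(planted); unlink(fresh);
    rmdir(dir);
    return passed;
}

int main(void) {
    printf("scenarios behaving as expected: %d of 3\n", demo_all());
    return 0;
}
```

The descriptor returned by create_private_file is the only handle the rest of the program should use; reopening by name, which is what a path-based API does on every call, reintroduces the window between the check and the write that the sequence above is meant to close.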
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk