Re: [patch] Re: security problem with temp files [was Re:

To: mutt-dev@xxxxxxxx
Subject: Re: [patch] Re: security problem with temp files [was Re:
From: Kyle Wheeler <kyle-mutt-dev@xxxxxxxxxxxxxx>
Date: Thu, 5 Oct 2006 10:59:52 -0400
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=memoryhole.net; b=fkU2h4E2k6mxjt2yLSf9iOUcDS1AQ5+fuoYXP7VAOOf3DQNh89+uJc6q/6EioVhlj/5nkAtY/hCfS5hpvTB+iq/JIykdAo/qae/b4xQ4oK6vgpCxsZykL7af5d4HblfMzjIeSf59Pam329HKKcJsvS+iETeR/PHOoy930uHyKCk= ;
In-reply-to: <20061005142746.GB21689@xxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?Subject="Unsubscribe Mutt Dev"?body=unsubscribe>
Mail-followup-to: mutt-dev@xxxxxxxx
References: <20061004153643.GF619@xxxxxxxxxxxxx> <20061003204656.GG13301@xxxxxxx> <20061004074534.GA21588@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20061004142652.GB619@xxxxxxxxxxxxx> <20061004151926.GE619@xxxxxxxxxxxxx> <20061004203929.GB19527@xxxxxxxxxxxxx> <20061004205840.GS11858@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20061004221619.GC19527@xxxxxxxxxxxxx> <20061005082549.GA26409@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20061005142746.GB21689@xxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.5.13 (2006-09-08)

On Thursday, October  5 at 10:27 AM, quoth Derek Martin:

I will also note that both unlink() and rmdir() can fail in
mutt_put_file_in_place.  The call to unlink fails trivially (i.e. in
the case of hardware failure, generally),

Unless your mailboxes/temp-space happen to be on a networkedfilesystem like NFS or AFS. Then unlinking can fail without hardwarefailure. When considering syscalls, anything that *can* fail, probablyhas a good reason for failing in at least one case.

If the rmdir fails, it could signal
something fishy is going on...  It might be worth notifying the user
about that.  If nothing else it gives them a chance to manually clean
up the mess that mutt wasn't able to clean up.


Most failures like that are at least worth notifying the user about.

~Kyle
--

Selfishness is not living as one wishes to live, it is asking othersto live as one wishes to live.

                                                       -- Oscar Wilde

Attachment: pgpbthLN3ngzD.pgp
Description: PGP signature

References:
- Re: mutt_adv_mktemp() ?
  - From: Kyle Wheeler
- mutt_adv_mktemp() ?
  - From: Pawel S. Veselov
- Re: mutt_adv_mktemp() ?
  - From: Rocco Rutte
- Re: mutt_adv_mktemp() ?
  - From: Kyle Wheeler
- Re: mutt_adv_mktemp() ?
  - From: Kyle Wheeler
- security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Derek Martin
- Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Thomas Roessler
- Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Derek Martin
- [patch] Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Thomas Roessler
- Re: [patch] Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
  - From: Derek Martin

Prev by Date: Re: [patch] Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
Next by Date: [PATCH] S/MIME bundle root CAcert.org
Previous by thread: Re: [patch] Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
Next by thread: Re: [patch] Re: security problem with temp files [was Re: mutt_adv_mktemp() ?]
Index(es):
- Date
- Thread