[dev] imp-2.2.4 tmpfile problems ?

Brent J. Nordquist bjn@horde.org
Mon, 21 May 2001 22:01:43 -0500 (CDT)


On Mon, 21 May 2001, Brent J. Nordquist <bjn@horde.org> wrote:

> On Mon, 21 May 2001, Jarno Huuskonen <Jarno.Huuskonen@uku.fi> wrote:
>
> > I tested this with both php-3.0.18 / php-4.0.5 with upload_tmp_dir set
> > to /tmp (safe mode off)
>            ^^^^^^^^^^^^^
> What's the point?  The ownership checks in PHP 4.0.5 copy() aren't
> effective unless you run in safe mode.

OK, I was under a couple of misapprehensions:  (1) I thought I've been
running in safe mode here all this time, and I wasn't.  (2) Safe mode is
apparently only a false sense of security; it isn't airtight.

So we're agreed that we need to go ahead with a solution that will work
for 2.2.x with safe mode off.  For the attachment upload, I've checked in
a patch that's equivalent to the one you posted... but that uses the
pathname from the uploaded file (since tmpdir() doesn't exist in 2.2.x).
Chuck has already taken care of the date-encoded filenames with the
viewers.

> > IMHO upload_tmp_dir/safe_mode should be mentioned in imp/docs/SECURITY.
>
> We can do that.

I'm only going to add the note about upload_tmp_dir, not safe mode, based
on the above.

> > - (and the php3 problem that: php-3.0.18 doesn't use mkstemp/O_EXCL in tempnam
> >   (this is not imp problem, but might be worth mentioning in imp/docs/SECURITY))

Done also.

-- 
Brent J. Nordquist <bjn@horde.org> N0BJN
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942