|
Posted by Joost Diepenmaat on March 10, 2008, 3:29 pm
Please log in for more thread options
> Well, if someone else unlinks, overwrites or moves the file, the program
> most likely doesn't do what you expect, regardless whether this happens
> before, or after the chmod. And your program doesn't magically do what
> you expect under such conditions if you use sysopen.
You're right, of course. It's just one of the things to
consider. Another is that in this case, the file is supposed to be
unreadable for anyone but the user writing it, but using
chmod($filename) after an open() leaves a short time window during which
someone else could possibly open the file for reading (or maybe even
read+write), which would give them access to the contents of the file as
long as they keep the handle.
Just saying, /if/ you need to specify restrictive permissions, you
probably want to do that it reliably as possible.
--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
|
|
Posted by Abigail on March 10, 2008, 5:20 pm
Please log in for more thread options
_
Joost Diepenmaat (joost@zeekat.nl) wrote on VCCCV September MCMXCIII in
`` > Well, if someone else unlinks, overwrites or moves the file, the program
`` > most likely doesn't do what you expect, regardless whether this happens
`` > before, or after the chmod. And your program doesn't magically do what
`` > you expect under such conditions if you use sysopen.
``
`` You're right, of course. It's just one of the things to
`` consider. Another is that in this case, the file is supposed to be
`` unreadable for anyone but the user writing it, but using
`` chmod($filename) after an open() leaves a short time window during which
`` someone else could possibly open the file for reading (or maybe even
`` read+write), which would give them access to the contents of the file as
`` long as they keep the handle.
Well, this may, or may not be the case.
`` Just saying, /if/ you need to specify restrictive permissions, you
`` probably want to do that it reliably as possible.
OTOH, there are many situations where it doesn't matter. I regularly
open a file with open(), and set its mode afterwards (typically after
closing it), without it being a problem.
I really, really dislike the attitude of many Perl people to respond
to question with suggestions of changing the code that have nothing
at all to do with the question; and all for hypothetical situations
which may not at all be relevant for the OP. To make matter worse,
those hypothetical are usually only revealed after someone asks the
reasons behind the suggestion.
Abigail
--
perl -we '$@="530702253401674".
"052005240013352".
"206074567441";`$@`'
|
|
Posted by Joost Diepenmaat on March 10, 2008, 5:42 pm
Please log in for more thread options
> I really, really dislike the attitude of many Perl people to respond
> to question with suggestions of changing the code that have nothing
> at all to do with the question; and all for hypothetical situations
> which may not at all be relevant for the OP. To make matter worse,
> those hypothetical are usually only revealed after someone asks the
> reasons behind the suggestion.
Which is why I said that "John"'s code would work "almost everytime" and
provided examples of some situations were it wouldn't. Since the poster
indicated he's new to perl he might also be new to these kinds of
potential problems.
I do appreciate you calling me on the above post, by the way: it made me
think a bit harder about the security implications of the race
condition.
--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
|
|
Posted by Peter J. Holzer on March 11, 2008, 6:15 am
Please log in for more thread options >> OK I finally found what really works without using external library:
>>
>> $sec=open(TEKST,">test.txt");
>> chmod 0600,"test.txt";
>> binmode(TEKST);
>> print TEKST ""hello world";
>> close TEKST;
>>
>> 0600 everytime.
>
> Well, almost everytime: if someone else unlinks, overwrites, or moves
> the file (possibly replacing it with another) between the open() and
> chmod() call this won't do what you expect.
If that's a problem you shouldn't use open to open the file for writing
in the first place. Another user could create a symlink named "test.txt"
and you end up overwriting a completely different file.
Use sysopen with the O_EXCL flag instead. Or, if it's a temporary file
(the most common case where this is a problem) use the File::Temp
module.
hp
|
|
Posted by Joost Diepenmaat on March 10, 2008, 3:01 pm
Please log in for more thread options
> $sec=open(TEKST,">test.txt");
> chmod 0600,"test.txt";
Addendum:
You *really* should check the return values of those calls.
canonically:
open(TEXT,">test.txt") or die "Can't open test.txt for writing: $!";
chmod 0600,"test.txt" or die "Can't chmod test.txt: $!";
--
Joost Diepenmaat | blog: http://joost.zeekat.nl/ | work: http://zeekat.nl/
|
| Similar Threads | Posted | | chmod for directories | August 9, 2004, 2:22 pm |
| Problems with chmod | February 28, 2006, 6:23 pm |
| Recursive chmod/chown | February 3, 2006, 10:46 am |
| ExtUtils chmod on Windows? | August 10, 2007, 8:57 am |
| setting uid gid after fork | August 28, 2007, 3:35 am |
| setting %ENV in a module | February 20, 2008, 7:59 pm |
| Re: Setting up mod_perl | March 10, 2008, 2:50 pm |
| Re: Setting up mod_perl | March 11, 2008, 11:17 pm |
| Net::DNS-> About setting more than one nameserver to lookup. | August 7, 2004, 9:05 pm |
| setting cookies (mod_perl) | October 14, 2004, 9:15 pm |
|
XML Sitemap