[m-rev.] for review: Improve Mercury's temporary files and directories predicates.

Sebastian Godelet sebastian.godelet at outlook.com
Wed Apr 13 13:47:32 AEST 2016

Previous message: [m-rev.] for review: Improve Mercury's temporary files and directories predicates.
Next message: [m-rev.] for review: Improve Mercury's temporary files and directories predicates.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Paul,

> I don't really know C# and have even less knowledge of Erlang.  I've not
> implemented these for the Erlang backend and a reviewer may wish to
> scrutinze the C# code in particular.
> +        DirName = Path.Combine(Dir, Path.GetRandomFileName());
> +        /*
> +         * This is not secure:
> +         *   1. We cannot set permissions
There is an overload which allows you to specify the security
var securityRules = new DirectorySecurity();
// apply something like 600 here
Directory.CreateDirectory(path, securityRules);
> +         *   2. We cannot atomically test for and create a directory
This Path.GetRandomFileName() should create a unique and secure (cannot be guessed) path, so we don't need to test for existence.
But CreateDirectory will actually do the test for you and returns the information using a DirectoryInfo object.
We could check if this complies with the required security permissions or rely on .NET exceptions thrown (UnauthorizedAccessException)
> +         */
> +        Directory.CreateDirectory(DirName);
> +        Error = 0;
> +        ErrorMessage = """";

cheers,

Sebastian.

Previous message: [m-rev.] for review: Improve Mercury's temporary files and directories predicates.
Next message: [m-rev.] for review: Improve Mercury's temporary files and directories predicates.
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the reviews mailing list