[m-rev.] for review: Improve Mercury's temporary files and directories predicates.
Paul Bone
paul at bone.id.au
Wed Apr 13 13:50:25 AEST 2016
On Wed, Apr 13, 2016 at 11:47:32AM +0800, Sebastian Godelet wrote:
> Hi Paul,
>
> > I don't really know C# and have even less knowledge of Erlang. I've not
> > implemented these for the Erlang backend and a reviewer may wish to
> > scrutinize the C# code in particular.
> > + DirName = Path.Combine(Dir, Path.GetRandomFileName());
> > + /*
> > + * This is not secure:
> > + * 1. We cannot set permissions
> There is an overload which allows you to specify the security
> var securityRules = new DirectorySecurity();
> // apply something like 600 here
> Directory.CreateDirectory(path, securityRules);
> > + * 2. We cannot atomically test for and create a directory
> This Path.GetRandomFileName() should create a unique and secure (cannot be guessed) path, so we don't need to test for existence.
> But CreateDirectory will actually do the test for you and return the information using a DirectoryInfo object.
> We could check if this complies with the required security permissions or rely on .NET exceptions thrown (UnauthorizedAccessException).
> > + */
> > + Directory.CreateDirectory(DirName);
> > + Error = 0;
> > + ErrorMessage = """";
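Review bot: Error = 0 is set unconditionally after Directory.CreateDirectory(DirName), but that call does not fail when DirName already exists, so success is reported even if this call created nothing and the directory keeps whatever permissions it already had. The comment in the hunk already admits both gaps. Consider passing an explicit DirectorySecurity to the overload and checking the directory's ACL after the call. No exception handling is visible in these lines, so also make sure failures such as UnauthorizedAccessException are mapped to Error and ErrorMessage instead of leaving them at 0 and the empty string.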
>
> cheers,
>
Hi Sebastian,
I'd be happy for you to make any changes you think it needs. That'll
probably be easiest for both of us.
Cheers.
--
Paul Bone
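
The suggestion discussed in this thread (pass a DirectorySecurity to Directory.CreateDirectory, then check the resulting permissions), written out as an added example; it is not code from the patch or from Mercury. It assumes the .NET Framework on Windows, and the names TempDir and CreatePrivate are hypothetical.

```csharp
// Added example. Assumptions: .NET Framework on Windows (NTFS ACLs);
// TempDir and CreatePrivate are hypothetical names, not Mercury's.
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class TempDir
{
    public static string CreatePrivate(string parent)
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;

        // Build a DACL with a single entry: full control for the current
        // user, inherited by files and subdirectories created inside.
        var acl = new DirectorySecurity();
        acl.SetAccessRuleProtection(true, false); // drop ACEs inherited from the parent
        acl.AddAccessRule(new FileSystemAccessRule(
            me, FileSystemRights.FullControl,
            InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
            PropagationFlags.None, AccessControlType.Allow));

        string path = Path.Combine(parent, Path.GetRandomFileName());

        // CreateDirectory does not throw if the path already exists; an
        // existing directory keeps whatever ACL it already had. Exceptions
        // such as UnauthorizedAccessException propagate to the caller.
        Directory.CreateDirectory(path, acl);

        // Re-read the DACL and accept only allow-entries for the current user.
        // This rejects a pre-existing directory with a looser ACL; it does
        // not make the create-and-test step atomic.
        DirectorySecurity actual =
            Directory.GetAccessControl(path, AccessControlSections.Access);
        bool sawOwnEntry = false;
        foreach (FileSystemAccessRule rule in
                 actual.GetAccessRules(true, true, typeof(SecurityIdentifier)))
        {
            if (rule.AccessControlType != AccessControlType.Allow ||
                !rule.IdentityReference.Equals(me))
                throw new IOException("Unexpected ACL entry on " + path);
            sawOwnEntry = true;
        }
        if (!sawOwnEntry)
            throw new IOException("Expected ACL entry missing on " + path);
        return path;
    }
}
```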