Re: NSTemporaryDirectory() and security

FROM : Chris Parker
DATE : Tue May 01 21:59:48 2007

On May 1, 2007, at 11:50 AM, Rosyna wrote:

> You can use FSFindFolder() to get the temp directory for the user's 
> specific domain.


On Tiger, NSTemporaryDirectory() calls FSFindFolder() and returns a 
path appropriate for use by applications wishing to store temporary 
files for the calling user.

The directory has appropriate permissions which prevent anyone other 
than the user from futzing around in the directory, which addresses 
the race issue most security people have with just writing files in 
world-writeable locations.

As Rosyna notes below, don't sequester this path off someplace and 
keep using it - the path may change from release to release.

.chris

> Note the folder returned by this has changed drastically between Mac 
> OS X releases, so never, ever store paths.
>
> Ack, at 5/1/07, Jaime Magiera said:
>

>> However, there is a security issue, in the eyes of some, that 
>> writing to /tmp is bad. So, they have it cordoned off on their 
>> systems. Another issue would be if a user was rendering content 
>> that they didn't want other users (such as those logged via SSH) to 
>> see.

>
> --
>
>
> Sincerely,
> Rosyna Keller
> Technical Support/Carbon troll/Always needs a hug
>
> Unsanity: Unsane Tools for Insanely Great People
>
> It's either this, or imagining Phil Schiller in a thong.
> _______________________________________________
>
> Cocoa-dev mailing list (<email_removed>)
>
> Do not post admin requests or moderator comments to the list.
> Contact the moderators at cocoa-dev-admins(at)lists.apple.com
>
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/cocoa-dev/<email_removed>
>
> This email sent to <email_removed>