undefined | Better HN

0 pointsrootVIII5y ago0 comments

Well any old working directory that exists at startup is removed. So an attacker would not be able to create the directory before the user runs the program. And they would have to be logged in as the user in order to edit the pngtopdf.py file as it is created with 0700. Also, I would rather specify the actual bytes directly and force a lazy programmer to look at the ASCII table over using []byte(" "). These are just some of my after-thoughts.

0 comments

2 comments · 1 top-level

TheDong5y ago· 1 in thread

> So an attacker would not be able to create the directory before the user runs the program

I said it was a race. An attacker would race with the program's deletion of the directory to recreate it. This race is really easy to do, and there have been numerous CVEs for this sort of race.

> And they would have to be logged in as the user in order to edit the pngtopdf.py file as it is created with 0700

That's not true.

If I own a directory, I can delete and recreate the files in that directory, even if I don't own the file, even if the file is 0700. Feel free to experiment around to see this.

rootVIIIOP5y ago

Hmm okay. I'm going to start fixing that part and also attempt some CGO/objective-C to replace the python dependency. I had figured that removing any possible directory that could be seen as an application directory (at app-startup) would alleviate the issue you described. Thanks for the feedback though and also taking the time to look.

j / k navigate · click thread line to collapse