[Libreoffice] [PATCH] Simplify a function returning the temporary directory name
Francois Tigeot
ftigeot at wolfpond.org
Wed Jul 13 09:48:42 PDT 2011
On Wed, Jul 13, 2011 at 09:16:33AM -0600, Tor Lillqvist wrote:
> Do we really want to have those access() checks there?
>
> I am not evil enough to think of a way to abuse that code (insert maniacal laughter), but in general, isn't that exactly the kind of coding that could be a security vulnerability? (TOCTTOU seems to be the technical term, http://en.wikipedia.org/wiki/Time-of-check-to-time-of-use )
These were added by Caolán; I've no strong feeling about them.
Caolán, is there a special reason you added the access() checks ?
--
Francois Tigeot
More information about the LibreOffice
mailing list