procmail

Re: detecting failure to chdir() to $MAILDIR

1997-05-15 19:18:00
Quoting era eriksson (reriksso(_at_)cc(_dot_)helsinki(_dot_)fi):
> Roderick Schertler <roderick(_at_)argon(_dot_)org> wrote:
> > For practical purposes it will mean the same thing, but it's a bad habit
> > to get in to.  The race condition inherent in test-then-use is probably
> > the second most common security culprit on today's Internet.  It's a
> > habit that none of us can afford to have.
>
> If you're afraid the directory might suddenly disappear, I'm afraid I
> don't see how `pwd` or anything else could be 100% bulletproof either.
> (You could perhaps deliver via a script which would always check for
> the presence of your destination file but what if the partition the
> script is on suddenly breaks down, or whatever. Another idea would be
> to always include a :E fallback for all critical recipes, perhaps
> writing to /tmp if the first attempt at delivery fails.)

I think that the point wasn't to ensure that the write would succeed,
but rather that a cracker won't remove the directory between the time
you check for it and the time you use it. (Not that hard to do, with
a little planning.) In this application the risk is minimal, but I
think that Roderick was suggesting that chdir'ing into the directory
is just a good habit to get into. (Once you're in it, it can't be
removed behind your back.)

Mike Stone
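The two patterns the thread contrasts, as an added example written for this page and not taken from the thread or from procmail itself: it assumes a small delivery script that a recipe pipes a message into with `$MAILDIR` as its argument, and uses `inbox` as the mailbox file name.

```shell
#!/bin/sh
# Added example (assumed helper, not from the thread). Each function reads a
# message on stdin and appends it to <dir>/inbox. Exit 75 is EX_TEMPFAIL,
# which asks procmail/the MTA to retry later rather than bounce the message.

# Test-then-use: the existence check and the write resolve the path twice,
# so anything that replaces $maildir between the two steps (a removal, a
# rename, a symlink swapped in) changes where the message lands.
deliver_test_then_use() {
    maildir=$1
    [ -d "$maildir" ] || return 75
    cat >> "$maildir/inbox"
}

# cd-then-use: the path is resolved once, by cd. The write is relative to
# the directory the process actually entered, so a later swap of the path
# cannot redirect it; if the directory goes away, the write fails with a
# non-zero status instead of landing somewhere else. The subshell keeps the
# caller's working directory unchanged.
deliver_cd_then_use() {
    (
        cd "$1" || exit 75
        cat >> inbox
    )
}

# The ":E" fallback idea from the thread as a function: try the primary
# directory and, only if that delivery fails, replay the message into a
# fallback directory. The fallback should be writable by the recipient
# alone; a world-writable location such as /tmp is a poor choice for mail.
deliver_with_fallback() {
    primary=$1
    fallback=$2
    spool=$(mktemp) || return 75        # buffer stdin so it can be replayed
    cat > "$spool"
    if deliver_cd_then_use "$primary" < "$spool"; then
        status=0
    elif deliver_cd_then_use "$fallback" < "$spool"; then
        status=0
    else
        status=75
    fi
    rm -f "$spool"
    return $status
}
```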
