[alexandria-devel] Proposed addition of temporary file creation utilities

Hans Hübner hans.huebner at gmail.com
Wed Apr 25 13:05:19 UTC 2012


On Wed, Apr 25, 2012 at 8:42 AM, Stelian Ionescu <sionescu at cddr.org> wrote:
> On Wed, 2012-04-25 at 06:26 -0400, Hans Hübner wrote:
>
>> Dealing with the umask has no place in this library.  "umask" is a
>> system-specific concept, and file security is something that is
>> orthogonal to temporary files.  If an application wishes to give its
>> temporary files different permissions than other files that it
>> creates, it should do so explicitly.
>
> Quite the opposite, the permissions must be specified at creation time,
> otherwise it's useless.

If the Lisp implementation provides a means to specify the file
permissions to cl:open, then that would be how it should be done for
temporary files, too.  I do not understand what you mean by "quite the
opposite" here.  Is there anything in the proposed API that makes it
impossible to specify file permissions, if so supported by the
underlying implementation?

>> And besides, why put temporary files into a shared directory in the
>> first place?
>
> Old habits (a.k.a. Unix tradition). Distributions are slowly changing
> this, but a Lisp library should work in any case.

Yes.  As it does.

>> The right way to deal with possible issues in this
>> respect is to create an application specific temporary directory that
>> is completely protected before starting the application, and
>> communicating that directory to the application by the way of the TEMP
>> or TMPDIR environment variable.  That is how Windows and OSX do it,
>> and it is much better than trying to protect files in a shared /tmp/
>> directory.  As if we did not have a hierarchical file system for a few
>> decades.
>
> That's not how they do it. Windows and OSX have a user-specific
> temporary directory and applications usually create a subdirectory of
> their own but with a well-known name: see documentation for
> NSTemporaryDirectory, for example

Windows and OSX do better than Unix by default in that they have user
specific temporary directories, and this is all that we're discussing
anyway.  The only isolation that one can hope to have is on a per-user
level, i.e. one may want to prevent a process running under some user
ID from accessing a (temporary or non-temporary) file created by a
process running under a different user ID.  By making the
user-specific temporary directories inaccessible to other user IDs,
this goal is neatly achieved.

-Hans
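Editor's illustration of the two positions in this exchange, added here and not code from the thread or from alexandria: it uses Python on a POSIX system (the umask value and the directory name are constructed for the demo) to show that permissions passed at creation time take effect atomically, whereas "create, then chmod" leaves a window in which the file carries the umask-derived default, and that a private per-user directory (mode 0700) isolates files regardless of their own mode.

```python
import os
import stat
import tempfile


def create_private_tempfile(directory, name):
    """Create the file with mode 0600 in a single open(2) call.
    O_EXCL makes the call fail if the name already exists, so a
    pre-planted file or link is refused rather than reused."""
    path = os.path.join(directory, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)
    return path


def create_then_chmod(directory, name):
    """Create with the default mode (0666 masked by umask), then tighten.
    Returns the mode the file had before chmod: that is the exposure window."""
    path = os.path.join(directory, name)
    with open(path, "w"):
        pass
    exposed = stat.S_IMODE(os.stat(path).st_mode)
    os.chmod(path, 0o600)
    return path, exposed


def demo(umask=0o022):
    """Run both patterns under a constructed umask and report the modes seen."""
    old_umask = os.umask(umask)  # typical distribution default, set explicitly
    try:
        # tempfile.mkdtemp() creates the directory with mode 0700: the
        # per-user private directory Hans describes.
        with tempfile.TemporaryDirectory() as d:
            dir_mode = stat.S_IMODE(os.stat(d).st_mode)
            good = create_private_tempfile(d, "a")
            at_creation = stat.S_IMODE(os.stat(good).st_mode)
            try:
                create_private_tempfile(d, "a")  # second attempt must fail
                excl_refused = False
            except FileExistsError:
                excl_refused = True
            bad, exposed = create_then_chmod(d, "b")
            after_chmod = stat.S_IMODE(os.stat(bad).st_mode)
            return {"dir_mode": dir_mode, "at_creation": at_creation,
                    "excl_refused": excl_refused,
                    "exposed_before_chmod": exposed, "after_chmod": after_chmod}
    finally:
        os.umask(old_umask)
```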
