[AOLSERVER] Fix for ns_tmpnam under Windows
Gustaf Neumann
There was a problem with "ns_tmpnam", when the aolserver was compiled under
windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C
using tmpnam(), which exists under WIN32, but behaves differently
as on unix counterparts and is practically unusable. The problem is
that tmnam() under Windows generates a filename for the root directory
of the
actual drive (at least under Vista, no permissions under normal
conditions) and
ignores the TMP environment variable.
See some background info form Microsoft:
http://msdn2.microsoft.com/en-us/library/hs3e7355(VS.80).aspx
I have commited a patch to CVS head to address this problem.
http://aolserver.cvs.sourceforge.net/aolserver/aolserver/nsd/tclfile.c?r1=1.25&r2=1.26
The patch is local and documents the intended behavior and background in
detail.
Please crosscheck.
best regards
-gustaf neumann
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to <list...@listserv.aol.com> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Dossy Shiobara
> I have commited a patch to CVS head to address this problem.
> http://aolserver.cvs.sourceforge.net/aolserver/aolserver/nsd/tclfile.c?r1=1.25&r2=1.26
> The patch is local and documents the intended behavior and background in
> detail.
> Please crosscheck.
Looks good, Gustaf. Thanks for the fix!
--
Dossy Shiobara | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
Tom Jackson
suggests that the replacements are depricated. In general, I think that the
directory where the temp file is created should not be world writable. Some
while back there was a suggestion to replace the C function with a safe
version.
I'll try to find this old info.
tom jackson
On Thursday 24 April 2008 00:32, Gustaf Neumann wrote:
> Dear AOLserver community
>
> There was a problem with "ns_tmpnam", when the aolserver was compiled under
> windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C
> using tmpnam(), which exists under WIN32, but behaves differently
> as on unix counterparts and is practically unusable. The problem is
> that tmnam() under Windows generates a filename for the root directory
> of the
> actual drive (at least under Vista, no permissions under normal
> conditions) and
> ignores the TMP environment variable.
>
> See some background info form Microsoft:
> http://msdn2.microsoft.com/en-us/library/hs3e7355(VS.80).aspx
>
> I have commited a patch to CVS head to address this problem.
> http://aolserver.cvs.sourceforge.net/aolserver/aolserver/nsd/tclfile.c?r1=1
>.25&r2=1.26 The patch is local and documents the intended behavior and
Tom Jackson
http://www.openacs.com/forums/message-view?message_id=64787
I proposed a new config param to set the directory where new files are
created. It used to be possible, and maybe still is, to pass in a query var
when uploading a file, thus allowing users to choose a filename.
tom jackson
On Thursday 24 April 2008 07:08, Tom Jackson wrote:
> Isn't there a new safe version of these functions? The link to msdn also
> suggests that the replacements are depricated. In general, I think that the
> directory where the temp file is created should not be world writable. Some
> while back there was a suggestion to replace the C function with a safe
> version.
>
> I'll try to find this old info.
>
> tom jackson
>
> On Thursday 24 April 2008 00:32, Gustaf Neumann wrote:
> > Dear AOLserver community
> >
> > There was a problem with "ns_tmpnam", when the aolserver was compiled
> > under windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in
> > C using tmpnam(), which exists under WIN32, but behaves differently as on
> > unix counterparts and is practically unusable. The problem is that
> > tmnam() under Windows generates a filename for the root directory of the
> > actual drive (at least under Vista, no permissions under normal
> > conditions) and
> > ignores the TMP environment variable.
> >
> > See some background info form Microsoft:
> > http://msdn2.microsoft.com/en-us/library/hs3e7355(VS.80).aspx
> >
> > I have commited a patch to CVS head to address this problem.
> > http://aolserver.cvs.sourceforge.net/aolserver/aolserver/nsd/tclfile.c?r1
> >=1 .25&r2=1.26 The patch is local and documents the intended behavior and
Titi Alailima
Titi Ala'ilima
Lead Architect
MedTouch LLC
1100 Massachusetts Avenue
Cambridge, MA 02138
617.621.8670 x309
Tom Jackson
with temp files.
I noticed that Tcl core has some internal API for this (temporary files are
used for buffering pipe I/O), which might be able to be used. The core code
also handles file systems which have wide char (I think for the filenames),
and I think it handles end of line conversions, etc. Not sure how important
this is.
Another issue is that [ns_form] and [ns_conn form] have some security issues
related to temporary files. These can't be fixed without changing the API,
but it might be worth keeping in mind.
Any security fix will probably have to use new api such as:
ns_mkstemp templateVar
Example:
set template /path/to/secure/dir/myfileXXXXXX
set fp [ns_mkstemp template] ;# template var is updated
file delete $template ;#(same as ns_unlink $template)
# Use fp to write/read, fp is opened exclusively.
# When $fp is closed file will go away.
# If nsd crashes, the file also goes away.
The file is actually 'unlinked' prior to use, so there is no way to access it,
or even list it from the filesystem.
tom jackson
Gustaf Neumann
-gustaf neumann
Titi Alailima schrieb:
> There is a missing variable declaration in this patch for "i", the for-loop index. Anyone want to make this fix and commit it?
>