There was a problem with "ns_tmpnam", when the aolserver was compiled under windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C using tmpnam(), which exists under WIN32, but behaves differently as on unix counterparts and is practically unusable. The problem is that tmnam() under Windows generates a filename for the root directory of the actual drive (at least under Vista, no permissions under normal conditions) and ignores the TMP environment variable.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70)
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Isn't there a new safe version of these functions? The link to msdn also suggests that the replacements are depricated. In general, I think that the directory where the temp file is created should not be world writable. Some while back there was a suggestion to replace the C function with a safe version.
I'll try to find this old info.
tom jackson
On Thursday 24 April 2008 00:32, Gustaf Neumann wrote:
> There was a problem with "ns_tmpnam", when the aolserver was compiled under > windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C > using tmpnam(), which exists under WIN32, but behaves differently > as on unix counterparts and is practically unusable. The problem is > that tmnam() under Windows generates a filename for the root directory > of the > actual drive (at least under Vista, no permissions under normal > conditions) and > ignores the TMP environment variable.
> To Remove yourself from this list, simply send an email to > <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the > email message. You can leave the Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
I proposed a new config param to set the directory where new files are created. It used to be possible, and maybe still is, to pass in a query var when uploading a file, thus allowing users to choose a filename.
tom jackson
On Thursday 24 April 2008 07:08, Tom Jackson wrote:
> Isn't there a new safe version of these functions? The link to msdn also > suggests that the replacements are depricated. In general, I think that the > directory where the temp file is created should not be world writable. Some > while back there was a suggestion to replace the C function with a safe > version.
> I'll try to find this old info.
> tom jackson
> On Thursday 24 April 2008 00:32, Gustaf Neumann wrote: > > Dear AOLserver community
> > There was a problem with "ns_tmpnam", when the aolserver was compiled > > under windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in > > C using tmpnam(), which exists under WIN32, but behaves differently as on > > unix counterparts and is practically unusable. The problem is that > > tmnam() under Windows generates a filename for the root directory of the > > actual drive (at least under Vista, no permissions under normal > > conditions) and > > ignores the TMP environment variable.
> > To Remove yourself from this list, simply send an email to > > <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the > > email message. You can leave the Subject: field of your email blank.
> To Remove yourself from this list, simply send an email to > <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the > email message. You can leave the Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
> -----Original Message----- > From: AOLserver Discussion [mailto:AOLSER...@LISTSERV.AOL.COM] On > Behalf Of Gustaf Neumann > Sent: Thursday, April 24, 2008 3:33 AM > To: AOLSER...@LISTSERV.AOL.COM > Subject: [AOLSERVER] Fix for ns_tmpnam under Windows
> Dear AOLserver community
> There was a problem with "ns_tmpnam", when the aolserver was compiled > under > windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C > using tmpnam(), which exists under WIN32, but behaves differently > as on unix counterparts and is practically unusable. The problem is > that tmnam() under Windows generates a filename for the root directory > of the > actual drive (at least under Vista, no permissions under normal > conditions) and > ignores the TMP environment variable.
> To Remove yourself from this list, simply send an email to > <lists...@listserv.aol.com> with the > body of "SIGNOFF AOLSERVER" in the email message. You can leave the > Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
-----Original Message----- From: AOLserver Discussion [mailto:AOLSER...@LISTSERV.AOL.COM] On Behalf Of
Titi Alailima Sent: 05 May 2008 19:03 To: AOLSER...@LISTSERV.AOL.COM Subject: Re: [AOLSERVER] Fix for ns_tmpnam under Windows
There is a missing variable declaration in this patch for "i", the for-loop index. Anyone want to make this fix and commit it?
Titi Ala'ilima Lead Architect MedTouch LLC 1100 Massachusetts Avenue Cambridge, MA 02138 617.621.8670 x309
> -----Original Message----- > From: AOLserver Discussion [mailto:AOLSER...@LISTSERV.AOL.COM] On > Behalf Of Gustaf Neumann > Sent: Thursday, April 24, 2008 3:33 AM > To: AOLSER...@LISTSERV.AOL.COM > Subject: [AOLSERVER] Fix for ns_tmpnam under Windows
> Dear AOLserver community
> There was a problem with "ns_tmpnam", when the aolserver was compiled > under > windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C > using tmpnam(), which exists under WIN32, but behaves differently > as on unix counterparts and is practically unusable. The problem is > that tmnam() under Windows generates a filename for the root directory > of the > actual drive (at least under Vista, no permissions under normal > conditions) and > ignores the TMP environment variable.
> To Remove yourself from this list, simply send an email to > <lists...@listserv.aol.com> with the > body of "SIGNOFF AOLSERVER" in the email message. You can leave the > Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
After Gustaf updated this for WIN32, I started looking at some old problems with temp files.
I noticed that Tcl core has some internal API for this (temporary files are used for buffering pipe I/O), which might be able to be used. The core code also handles file systems which have wide char (I think for the filenames), and I think it handles end of line conversions, etc. Not sure how important this is.
Another issue is that [ns_form] and [ns_conn form] have some security issues related to temporary files. These can't be fixed without changing the API, but it might be worth keeping in mind.
Any security fix will probably have to use new api such as:
ns_mkstemp templateVar
Example:
set template /path/to/secure/dir/myfileXXXXXX set fp [ns_mkstemp template] ;# template var is updated file delete $template ;#(same as ns_unlink $template)
# Use fp to write/read, fp is opened exclusively. # When $fp is closed file will go away. # If nsd crashes, the file also goes away.
The file is actually 'unlinked' prior to use, so there is no way to access it, or even list it from the filesystem.
> There is a missing variable declaration in this patch for "i", the for-loop > index. Anyone want to make this fix and commit it?
> Titi Ala'ilima > Lead Architect > MedTouch LLC > 1100 Massachusetts Avenue > Cambridge, MA 02138 > 617.621.8670 x309
> > -----Original Message----- > > From: AOLserver Discussion [mailto:AOLSER...@LISTSERV.AOL.COM] On > > Behalf Of Gustaf Neumann > > Sent: Thursday, April 24, 2008 3:33 AM > > To: AOLSER...@LISTSERV.AOL.COM > > Subject: [AOLSERVER] Fix for ns_tmpnam under Windows
> > Dear AOLserver community
> > There was a problem with "ns_tmpnam", when the aolserver was compiled > > under > > windows (esp. Vista). The Tcl command"ns_tmpnam" is implemented in C > > using tmpnam(), which exists under WIN32, but behaves differently > > as on unix counterparts and is practically unusable. The problem is > > that tmnam() under Windows generates a filename for the root directory > > of the > > actual drive (at least under Vista, no permissions under normal > > conditions) and > > ignores the TMP environment variable.
> > To Remove yourself from this list, simply send an email to > > <lists...@listserv.aol.com> with the > > body of "SIGNOFF AOLSERVER" in the email message. You can leave the > > Subject: field of your email blank.
> To Remove yourself from this list, simply send an email to > <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the > email message. You can leave the Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
To Remove yourself from this list, simply send an email to <lists...@listserv.aol.com> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
