Michael,
I am ccing the erlware-dev list just to keep people apprised. See
responses inline.
On Mon, May 14, 2012 at 6:26 PM, Michael Gebetsroither <mic...@mgeb.org> wrote:
> Hi Eric,
>
> I just tried to rename ec_dictionary to ec_dict as promised, but it seems not that easy.
> The type is really named dictionary, renaming to dict is not possible as it's already in
> erl_types.erl from otp/stdlib.
I am pretty sure I ran into a similar thing originally.
>
> ec_dict vs ec_dictionary is too confusing if the implementation of ec_dictionary really contains
> implementation for type dict but ec_dict is the generic interface.
> Maybe something like ec_dict_impl.
>
> I doubt I can really just decide on such core points about "your" library and would like to ask before
> sending an inappropriate pull request which would disrupt quite a bit of code...
Well, it's not really my library; it should be a community library,
though erlware has custodianship of it. That said, it sounds like we
just need to solve the naming conflict. Unfortunately, nothing is
coming to me.
I am ok with the renaming suggestions you made above in any case.
>
> btw... imho there is a security bug/problem in erlware-commons/ec_file.
> The function in question is mkdtemp which calls mkdir_path but which is not
> using O_EXCL flag to create the temp directory, thus making it prone to link hijacking.
> Additionally it uses a completely monotone and predictable random-part which
> would make it quite an easy target.
> It also doesn't error out if the directory already exists, thus an attacker could hijack
> the mkdtemp call without the application noticing and possibly get to sensitive data.
> Not setting permissions to 0700 for the temp dir is also something unexpected.
>
> Imho if the name of a function is the same as from a standard defined function with special
> security guarantees it's deadly to have the same name but none of the security guarantees.
I agree with you and it should be fixed. Would you file an issue
against erlware/erlware_commons with this detail?
> michael
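
Added example (not part of the thread and not erlware_commons code): an Erlang helper with the properties the quoted report asks of mkdtemp, namely an unpredictable name, creation that fails if the name already exists, and mode 0700. The module name safe_tmpdir, its function names, the "tmp-" prefix and the retry count are assumptions made for illustration.

```erlang
%% Added example; hypothetical module, not erlware_commons' ec_file.
-module(safe_tmpdir).
-export([mkdtemp/1]).
-include_lib("kernel/include/file.hrl").

-define(MAX_TRIES, 16).  % assumed retry budget for name collisions

%% Create a fresh private directory under Base.
%% Returns {ok, Path} | {error, Reason}.
mkdtemp(Base) ->
    mkdtemp(Base, ?MAX_TRIES).

mkdtemp(_Base, 0) ->
    {error, eexist};
mkdtemp(Base, Tries) ->
    Path = filename:join(Base, "tmp-" ++ random_suffix()),
    %% file:make_dir/1 creates exactly one directory and returns
    %% {error, eexist} if anything (file, directory or symlink) already
    %% has that name, so a pre-planted entry is never silently reused.
    case file:make_dir(Path) of
        ok -> restrict(Path);
        {error, eexist} -> mkdtemp(Base, Tries - 1);
        {error, _} = Error -> Error
    end.

%% Tighten permissions to owner-only, then confirm the result.
restrict(Path) ->
    case file:change_mode(Path, 8#700) of
        ok -> verify(Path);
        {error, _} = Error -> Error
    end.

%% read_link_info/1 does not follow symlinks: the path must be a real
%% directory with no group/other permission bits set.
verify(Path) ->
    case file:read_link_info(Path) of
        {ok, #file_info{type = directory, mode = Mode}}
          when Mode band 8#077 =:= 0 ->
            {ok, Path};
        {ok, _} -> {error, insecure_tmpdir};
        {error, _} = Error -> Error
    end.

%% 128 bits from the OS CSPRNG, hex-encoded, instead of a counter or
%% timestamp that another local user could predict.
random_suffix() ->
    Bytes = crypto:strong_rand_bytes(16),
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bytes]).
```

file:make_dir/1 takes no mode argument, so the directory exists with umask-derived permissions until change_mode/2 runs. Running the VM with a restrictive umask (for example 077) closes that window.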