Heiko Oberdiek writes:
Hello, On Mon, Dec 19, 2005 at 01:01:19AM +0100, Martin Schröder wrote:
The attached patch unlinks the current file, if a fatal
error happens. Currently this is done without any checks,
and may be a security problem.
The patch does this:
if (outputfilename) { xfclose(pdffile, makecstring(outputfilename)); unlink (makecstring(outputfilename)); }
How safe is this? And how safe is this for TeX security wise? And is there a better way?
Perhaps it is more safe, if pdfTeX deletes the file only if it was successfully opened for writing before to ensure that the file that pdfTeX removes was generated by pdfTeX before.
For portability, use remove(3) instead of unlink(2). If the file came out of xfopen, then we're already assured that pdftex opened it for writing, so it should definitely be ours to remove. I don't see security issues here (they'd have to be dealt with at the point where the file is opened). -- Olaf Weber (This space left blank for technical reasons.)