security::safe_tmpfile_p (public)
security::safe_tmpfile_p [ -must_exist ] tmpfile
Defined in packages/acs-tcl/tcl/security-procs.tcl
Checks that a file is a safe tmpfile, that is, it belongs to the configured tmpdir. When the file exists, we also enforce additional criteria:
- file must belong to the current system user
- file must be readable and writable by the current system user
- Switches:
  - -must_exist (optional, boolean)
    - make sure the file exists
- Parameters:
  - tmpfile (required)
    - absolute path to a possibly existing tmpfile
- Returns:
  - boolean
- Testcases:
  - safe_tmpfile_p
Source code:

    #
    # Ensure no ".." in the path
    #
    set tmpfile [ns_normalizepath $tmpfile]
    set tmpdir [string trimright [ns_config ns/parameters tmpdir] /]

    if {[ad_file dirname $tmpfile] ne $tmpdir} {
        #
        # File is not a direct child of the tmpfolder: not safe
        #
        return false
    }

    if {![ad_file exists $tmpfile]} {
        #
        # File does not exist yet: safe, unless we demand for the file
        # to exist.
        #
        return [expr {!$must_exist_p}]
    }

    if {![ad_file owned $tmpfile]} {
        #
        # File does not belong to us: not safe
        #
        return false
    }

    if {![ad_file readable $tmpfile]} {
        #
        # We cannot read the file: not safe
        #
        return false
    }

    if {![ad_file writable $tmpfile]} {
        #
        # We cannot write the file: not safe
        #
        return false
    }

    #
    # The file is safe
    #
    return true

Generic XQL file: packages/acs-tcl/tcl/security-procs.xql
PostgreSQL XQL file: packages/acs-tcl/tcl/security-procs-postgresql.xql
Oracle XQL file: packages/acs-tcl/tcl/security-procs-oracle.xql
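
The checks in the source code above can be tried outside the server with plain tclsh. This is an added example, not OpenACS code: the proc name `safe_tmpfile_demo`, its explicit `tmpdir` argument and the constructed directory layout are assumptions, and Tcl's built-in `file` command stands in for `ns_normalizepath` and `ad_file`.

```tcl
# Added example: plain-Tcl mirror of the checks, runnable in tclsh.
# safe_tmpfile_demo is a hypothetical name; tmpdir is passed explicitly
# instead of being read from the server configuration.
proc safe_tmpfile_demo {tmpdir tmpfile {must_exist_p 0}} {
    # Collapse "." and ".." before comparing directories
    set tmpfile [file normalize $tmpfile]
    set tmpdir  [file normalize $tmpdir]

    # Only direct children of tmpdir are accepted
    if {[file dirname $tmpfile] ne $tmpdir} { return false }

    # A not-yet-existing file is acceptable unless existence is required
    if {![file exists $tmpfile]} { return [expr {!$must_exist_p}] }

    # Existing files must be ours, and readable and writable by us
    if {![file owned $tmpfile]}    { return false }
    if {![file readable $tmpfile]} { return false }
    if {![file writable $tmpfile]} { return false }
    return true
}

# Constructed sample layout: a tmpdir with one file and one nested file
set tmpdir [file join [pwd] demo-tmp-[pid]]
file mkdir [file join $tmpdir sub]
close [open [file join $tmpdir upload1] w]
close [open [file join $tmpdir sub nested] w]

# path / must_exist_p pairs covering each branch of the check
set cases [list \
    $tmpdir/upload1                     1 \
    $tmpdir/not-yet                     0 \
    $tmpdir/not-yet                     1 \
    $tmpdir/sub/nested                  1 \
    $tmpdir/sub/../upload1              1 \
    $tmpdir/../outside                  0 \
]
foreach {path must_exist_p} $cases {
    set ok [safe_tmpfile_demo $tmpdir $path $must_exist_p]
    puts [format "%-7s must_exist=%d %s" \
        [expr {$ok ? "safe" : "unsafe"}] $must_exist_p $path]
}

file delete -force $tmpdir
```

The nested file and the `../outside` path are rejected by the directory comparison alone, while `sub/../upload1` is accepted because it normalizes to a direct child of the tmpdir.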