| Server IP : 109.234.164.53 / Your IP : 216.73.216.110 Web Server : Apache System : Linux cervelle.o2switch.net 4.18.0-553.32.1.lve.el8.x86_64 #1 SMP Thu Dec 19 13:14:03 UTC 2024 x86_64 User : computer3 ( 1098) PHP Version : 7.1.33 Disable Function : NONE MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /opt/cpanel/ea-ruby27/src/passenger-release-6.1.2/doc/ |
Upload File : |
# Handling of temp files Always use unpredictable filenames for temp files. Failing to do so makes us vulnerable to symlink attacks, TOCTOU race conditions, file squatting, or even information disclosure and privilege escalation. Always use a tempfile creation strategy that atomically: 1. Finds a free filename, *and*, 2. Reserves that filename (failing if it already exists), *and*, 3. Restrict permissions to only the intended user (e.g. mode 0600), Doing these non-atomically makes us vulnerable to TOCTU race conditions. Implementation tips: - Use getSystemTempDir() - Use mkstemp() for single, regular files. Don't use it for non-regular files such as Unix sockets; use a temp dir instead. - Use mkdtemp() for creating a temp dir or for storing temp non-regular files. - mktemp() is bad.