Comment 3 for bug 6671

In , Martin Dickopp (martin-zero-based) wrote : Re: blender: insecure writing to /tmp/quit.blender

reopen 298167
tags 298167 - security
severity 298167 wishlist
retitle 298167 blender: please revert writing quit.blend with O_EXCL and make U.tempdir default to a userdir instead
thanks

Hi,

Creating quit.blend with the O_EXCL flag has a major drawback: after the
file has been written for the first time, all further attempts to write
it again will fail. This makes the feature quite useless, IMHO.

A much better solution, IMHO, would be to make U.tempdir default to a
directory that is not world-writable, e.g. the user's home directory.
Note that the user can configure the value of U.tempdir within Blender,
so she or he can change it to a directory of her or his liking.

This solution would also be more robust with respect to future security
bugs, should future Blender versions use U.tempdir for other purposes
than just creating quit.blend there.

I therefore suggest replacing this code

        if (BLI_streq(U.tempdir, "/")) {
                char *tmp= getenv("TEMP");
                strcpy(U.tempdir, tmp?tmp:"/tmp/");
        }

with

        if (BLI_streq(U.tempdir, "/")) {
                strcpy(U.tempdir, BLI_gethome());
        }

in source/blender/src/usiblender.c.

Thanks,
Martin
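
The trade-off raised in this comment, as an added example that is not part of the original message or of Blender's code: `write_excl` shows why a plain `O_EXCL` create only succeeds once, and `write_in_private_dir` shows a repeatable save into a directory only the user can write to. Both function names are hypothetical, and the temp-file-plus-`rename()` step goes slightly beyond the change suggested above.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Plain O_EXCL create: returns 0 on success, an errno value on failure. */
int write_excl(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return errno;              /* EEXIST on every save after the first */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? EIO : 0;
}

/* Repeatable save (hypothetical helper): accept only a directory owned by
 * the caller and not group/world-writable, create a private temp file with
 * O_EXCL, then rename() it over the target so rewriting keeps working. */
int write_in_private_dir(const char *dir, const char *name, const char *data)
{
    struct stat st;
    char tmp[4096], dst[4096];

    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return ENOTDIR;
    if (st.st_uid != geteuid() || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return EPERM;              /* other users could plant files here */
    if (snprintf(tmp, sizeof tmp, "%s/.%s.%ld.tmp", dir, name,
                 (long)getpid()) >= (int)sizeof tmp ||
        snprintf(dst, sizeof dst, "%s/%s", dir, name) >= (int)sizeof dst)
        return ENAMETOOLONG;

    unlink(tmp);                   /* stale temp file from an earlier crash */
    int rc = write_excl(tmp, data);
    if (rc != 0)
        return rc;
    if (rename(tmp, dst) != 0) {   /* atomic replacement of the old file */
        rc = errno;
        unlink(tmp);
        return rc;
    }
    return 0;
}
```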