Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: improve security documentation #311

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

docs: improve security documentation #311

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
530d11b
docs: improve security documentation
n0toose Nov 17, 2024
a17bc5c
address review comments
n0toose Nov 18, 2024
f4bac10
address review comments, again
n0toose Nov 19, 2024
5e561e9
add Builder::rand_bytes
n0toose Nov 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 14 additions & 7 deletions src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,10 +26,17 @@
//! In the presence of pathological temporary file cleaner, relying on file paths is unsafe because
//! a temporary file cleaner could delete the temporary file which an attacker could then replace.
//!
//! `tempfile` doesn't rely on file paths so this isn't an issue. However, `NamedTempFile` does
//! rely on file paths for _some_ operations. See the security documentation on
//! the `NamedTempFile` type for more information.
//!
//! This should not be an issue for `tempfile`, as it does not rely on file paths
//! and a temporary file's default permissions on Unix is 0600 by default.
//! However, `NamedTempFile` does rely on file paths for _some_ operations.
//! Take a look at the Security documentation of [`NamedTempFile`] for more information.
//!
//! If a process is able to predict the name of a temporary file / directory, depending
//! on your use case and threat model, some additional security issues may occur.
//! On Unix-like operating systems, you may be able to mitigate such issues by
//! overriding the crate's default options for temporary directories.
//! See [`Builder::permissions`], [`Builder::rand_bytes`] and [`env::override_temp_dir`].
//!
//! The OWASP Foundation provides a resource on vulnerabilities concerning insecure
//! temporary files: https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File
//!
Expand Down Expand Up @@ -172,7 +179,7 @@ pub use crate::file::{
};
pub use crate::spooled::{spooled_tempfile, SpooledData, SpooledTempFile};

/// Create a new temporary file or directory with custom parameters.
/// Create a new temporary file or directory with custom options.
#[derive(Debug, Clone, Eq, PartialEq)]
pub struct Builder<'a, 'b> {
random_len: usize,
Expand Down Expand Up @@ -349,7 +356,7 @@ impl<'a, 'b> Builder<'a, 'b> {
///
/// # Security
///
/// By default, the permissions of tempfiles on unix are set for it to be
/// By default, the permissions of tempfiles on Unix are set for it to be
/// readable and writable by the owner only, yielding the greatest amount
/// of security.
/// As this method allows to widen the permissions, security would be
Expand All @@ -369,7 +376,7 @@ impl<'a, 'b> Builder<'a, 'b> {
/// ## Windows and others
///
/// This setting is unsupported and trying to set a file or directory read-only
/// will cause an error to be returned..
/// will return an error.
///
/// # Examples
///
Expand Down