Subject: Re: [ecasound] Fw: Bug#86747: ecawave: insecure and broken tmp-file handling
From: Kai Vehmanen (firstname.lastname@example.org)
Date: Thu Feb 22 2001 - 14:28:42 EET
On Wed, 21 Feb 2001, Junichi Uekawa wrote:
> I have received this bug report regarding ecawave.
> To: email@example.com
> Subject: Bug#86747: ecawave: insecure and broken tmp-file handling
Ok, let's see...
> Severity: grave
Uhm, doesn't look promising. ;)
> * Doesn't heed $TMP or $TMPDIR.
True, I've relied solely on 'tmpdir()'.
> * Leaves tempfiles around when exited via window-close.
This shouldn't happen (=bug). If this happens every time (reproducable),
I'd like to know exactly the actions/step you do.
> * Always uses the same file (/tmp/ecawave-clipboard.wav) for swapping out
> clipboard content.
Nope, you can change this by editing your ~/.ecawaverc (see ecawave
> The last issue is the real bummer. If two users use ecawave and its
> clipboard at the same time, one of them will of course be unable to
> open the file. She will get a segfault.
True, this is pretty bad. The whole tmpfile/clipboard issue is quite
problematic. The basic problem is file size. Ecawave can create huge
files (it's designed to handle gigabytes) ... and I'm not sure, what is
the politically and technically correct default location to put these
For what it's worth, these issues have been on my todo-list for quite a
while (replacing all uses of tmpfile() with mkstemp(), proper handling
out-of-temp-space situations, easily configurable tmp- and clipboard
But as it is, the last half year or so, I've concentrated on ecasound
libraries, and not much has happened to ecawave. :( And it is likely, that
this won't change in the near future. The main ecasound package is now my
only priority. I want to get it stable, so we can get away from this
current ecasound-qtecasound-ecawave dependency mess. This development of
course benefits ecawave, so in away, ecawave _is_ actively developed. But
if someone finds these tmp-file issues critical, I'll gladly accept
patches. At least these tempfile problems should be relatively
straightforward to fix.
Anyways, thanks to Robert for the bug report.
-- . http://www.eca.cx ... [ audio software for linux ] /\ . . http://www.eca.cx/sculpscape [ my armchair-tunes mp3/ra/wav ]
-- To unsubscribe send message 'unsubscribe' in the body of the message to <firstname.lastname@example.org>.
This archive was generated by hypermail 2b28 : Thu Feb 22 2001 - 15:18:45 EET