Remove all hardcoded paths to /tmp about bolt HOT 6 CLOSED

@tv42 What's the security issue exactly? They're all in tests and go test code already has full system access anyway. Also, the last 3 db_test.go references are only for generating string representations of DB. The example_test.go references are there because it's cleaner to show in the Examples section of godocs.

from bolt.

Fixed in #127.

from bolt.

Sorry for losing track of this ticket. The bad code is gone, replying here for the sake of historical record.

The reason for avoiding hardcoded paths to files inside /tmp is that on multi-user systems, that behavior lets other users attack you. Classic attacks target root, but this is a general user isolation crossing technique.

Some more modern less-UNIX environments have all kinds of mitigating mechanisms, but even if the attacks themselves are stopped, if a program assumes /tmp/foo is safe to mess with, what happens when you run two copies of the program? Or two different users run the program? Or someone does "touch /tmp/foo" and goes on a vacation? (Cue rant about how /tmp should not be shared across users anymore, in this day and age of bind mounts and what not.)

http://www.infosecwriters.com/texts.php?op=display&id=159
https://en.wikipedia.org/wiki/Symlink_race

from bolt.

Thanks for following up on the ticket. By the way, I really liked your LA gophers talk on Bolt. I thought it was a really straightforward and good intro.

from bolt.

Thanks! Feel free to steal my way of explaining it ;)

from bolt.

Definitely! I'm going to start closing up the "documentation" GitHub issues. It'll be useful for writing a Getting Started section.

from bolt.