summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorDavid Lönnhager <david.l@mullvad.net>2025-03-21 13:27:11 +0100
committerDavid Lönnhager <david.l@mullvad.net>2025-03-21 13:27:11 +0100
commit5b3d6c21107f17451cf2b34f13dbf710588f0a23 (patch)
treed5ca991870eb34d1eb32bba494fdbb3a3f121e51
parent0f58351bed614746d2d326007e8255d23b1f0893 (diff)
parenta5b7a21a187e09880b41e342c778e783ecc2efc0 (diff)
downloadmullvadvpn-5b3d6c21107f17451cf2b34f13dbf710588f0a23.tar.xz
mullvadvpn-5b3d6c21107f17451cf2b34f13dbf710588f0a23.zip
Merge branch 'fix-misleading-docs'
-rw-r--r--installer-downloader/src/temp.rs7
1 files changed, 4 insertions, 3 deletions
diff --git a/installer-downloader/src/temp.rs b/installer-downloader/src/temp.rs
index a40019df4f..1c30bf5e37 100644
--- a/installer-downloader/src/temp.rs
+++ b/installer-downloader/src/temp.rs
@@ -11,10 +11,11 @@
//! # macOS
//!
//! The downloader does not run as a privileged user, so we store downloads in a temporary
-//! directory.
+//! directory that only the current user may access.
//!
-//! This is vulnerable to TOCTOU, ie replacing the file after its hash has been verified, but only
-//! by the current user. Using a random directory name mitigates this issue.
+//! This is potentially vulnerable to TOCTOU, ie replacing the file after its hash has been
+//! verified, but only by the current user. However, this would require asking the user to approve
+//! privilege escalation, just like the actual installer does.
use anyhow::Context;
use async_trait::async_trait;