| -rw-r--r-- | installer-downloader/src/temp.rs | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/installer-downloader/src/temp.rs b/installer-downloader/src/temp.rs
index a40019df4f..1c30bf5e37 100644
--- a/installer-downloader/src/temp.rs
+++ b/installer-downloader/src/temp.rs
@@ -11,10 +11,11 @@
 //! # macOS
 //!
 //! The downloader does not run as a privileged user, so we store downloads in a temporary
-//! directory.
+//! directory that only the current user may access.
 //!
-//! This is vulnerable to TOCTOU, ie replacing the file after its hash has been verified, but only
-//! by the current user. Using a random directory name mitigates this issue.
+//! This is potentially vulnerable to TOCTOU, ie replacing the file after its hash has been
+//! verified, but only by the current user. However, this would require asking the user to approve
+//! privilege escalation, just like the actual installer does.
 use anyhow::Context;
 use async_trait::async_trait;
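Review bot: The new line `//! directory that only the current user may access.` asserts an access guarantee without naming how it is enforced, and nothing in this hunk shows it; the module doc should point at the mechanism (the permission mode or API used when the directory is created, which lies outside the hunk), for example `//! directory created with owner-only permissions; see where the directory is created below.` — worded to match what the code actually does. The rewritten TOCTOU sentence is also easy to misread as saying the approval prompt blocks the swap, whereas the real argument is that a process already running as the current user could request the same privilege escalation on its own, so replacing the verified file gains it nothing it did not already have. Suggest `//! verified, but only by the current user. A process already running as that user could prompt for` followed by `//! privilege escalation itself, just like the installer does, so the swap adds no capability.` Dropping the old mention of the random directory name is fine as long as the replacement sentence states the enforced permission instead.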
