Bug#2301: bash doesn't document any way to safely create tmp file

To: Debian bugs submission address <debian-bugs@Pixar.com>
Subject: Bug#2301: bash doesn't document any way to safely create tmp file
From: Ian Jackson <ijackson@chiark.chu.cam.ac.uk>
Date: Thu, 8 Feb 96 12:47 GMT
Message-id: <[🔎] m0tkVlU-0002XZC@chiark.chu.cam.ac.uk>
Reply-to: Ian Jackson <ijackson@chiark.chu.cam.ac.uk>, debian-bugs@Pixar.com

Package: bash
Version: 1.14.4-2

In order to safely create a file in /tmp it is necessary to pass the
O_EXCL and O_CREAT options to open, so that you can't be tricked into
(for example) following a symlink put there by someone else.

The bash(1) manpage doesn't document any way to get this behaviour.

Experimentation using `strace' shows that setting the bash-specific
`noclobber' option has the desired effect, but this is not documented.

It should be documented, especially so that we are sure that the
writers of bash know that it is important that they don't change the
behaviour (for example, by testing the file for existence first and
then creating it without O_EXCL).

My experiments show that the >|foo construct will create or truncate
foo *without* O_EXCL.  Ie, >| acts as if noclobber were _not_ set; it
would be more accurate to describe it that way, than to say that it
causes "file creation [to be] attempted".  The latter phrasing seems
to imply that it acts as if noclobber _were_ set.

In case this isn't clear enough (I'm having a bit of difficulty
expressing this): the manual appears to suggest that >| enables
attempted creation of files, which is silly because even > will create
nonexisting files.  What >| actually does is allow overwriting of
existing files, which is not usually allowed when noclobber is set.

Ian.

Reply to:

Prev by Date: Re: Bug#2296: debian-bugs WWW doesn't say how to find out Debian version
Next by Date: Re: MSDOS name conversion
Previous by thread: Bug#2300: unable to reboot
Next by thread: Packages on master.debian.org
Index(es):
- Date
- Thread