Re: Temporary file policy
On 12 Sep 1997, Guy Maor wrote:
> A new command, tempfile(1), was added to debianutils 1.6. tempfile
> creates a temporary file in a safe manner. It uses tempnam(3) and
> allows you to specify the directory, prefix, and mode. For example,
> you can use it like this:
>
> set -e
> tf=$(tempfile -m 600)
> echo "super secret something" > $tf
> mv $tf /etc/whatever
I see a problem here... suppose /etc and $TMPDIR (/tmp) aren't
in the same filesystem. In this case, the `mv' isn't atomic and the
file in /etc may be truncated at some time.
For example:
# strace mv /tmp/something /etc/something
...
rename("/tmp/something", "/etc/something") = -1 EXDEV (Invalid cross-device link)
unlink("/etc/something") = -1 ENOENT (No such file or directory)
open("/tmp/something", O_RDONLY) = 3
open("/etc/something", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 4
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 8192) = 8192
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 8192) = 8192
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 8192) = 2048
write(4, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2048) = 2048
read(3, "", 8192) = 0
close(3) = 0
close(4) = 0
...
I think it's a big problem... specially if the file to be
written is as important as /etc/passwd can be.
Suggested fix: add an argument with the directory where you
want the temp file created, in order to create temporate uniq files in
/etc, for example.
--
Juan Cespedes
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . Trouble?
e-mail to templin@bucknell.edu .
Reply to: