Re: Bug#20241: Timezones should depend on debian-utils
Manoj Srivastava wrote:
> (though my tortuous shell script can serve to be a poor man's
> tempfile if tempfile is not available.)
Not on my system, it can't! It has a race condition. As you yourself said:
> The non-tempfile
> solution is not quite as safe (since a link may be created after we
> test for existence and before we create an empty file, or after we
> remove and before we create the empty file, but those windows are
> relatively small.
Yes, you have a race condition there. And yes, similar race conditions have
been successfully exploited. It doesn't matter how small the window is.
A safe way to make a /tmp file:
mkdir /tmp/tmpdir.$$ || {
    # You can replace this with something else if you like, perhaps
    # something that tries another directory name.
    echo "unable to create temporary directory. Giving up."
    exit 1
}
# Same directory name as the mkdir above.
tmpfile=/tmp/tmpdir.$$/tmpfile
mkdir will abort if /tmp/tmpdir.$$ already exists, and is atomic so it cannot
be raced. (Warning: I am not a security expert. However, I've seen this
explained several times in the past and I'm pretty sure this is the proper
way to do it.)
--
see shy jo
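
The mkdir approach from this message, as an added example that is not part of the original mail: a helper that tries another directory name when the first one is taken (the variation the mail's comment suggests), plus a constructed demonstration with a symlink pre-planted at the first name. The names make_private_tmpdir, demo, sandbox and work are hypothetical, and the 0700 mode is an assumption added here.

```shell
#!/bin/sh
# make_private_tmpdir BASE PREFIX  (hypothetical helper, not from the mail)
# Prints the path of a freshly created mode-0700 directory under BASE.
make_private_tmpdir() {
    base=$1
    prefix=$2
    attempt=0
    while [ "$attempt" -lt 10 ]; do
        candidate="$base/$prefix.$$.$attempt"
        # mkdir either creates the directory or fails because something
        # (file, directory, or symlink, even a dangling one) already has
        # that name. There is no separate "test, then create" step to race.
        if mkdir -m 700 "$candidate" 2>/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
        attempt=$((attempt + 1))
    done
    echo "unable to create temporary directory under $base. Giving up." >&2
    return 1
}

# Constructed demonstration, run in a subshell so the cleanup trap stays local.
demo() (
    sandbox=$(make_private_tmpdir "${TMPDIR:-/tmp}" sandbox) || exit 1
    trap 'rm -rf "$sandbox"' EXIT
    # Pre-plant a symlink at the first name the helper will try.
    ln -s "$sandbox/victim" "$sandbox/work.$$.0"
    workdir=$(make_private_tmpdir "$sandbox" work) || exit 1
    tmpfile=$workdir/tmpfile
    : > "$tmpfile"    # the file lives inside a directory only we can write to
    echo "planted name skipped, using $tmpfile"
    if [ ! -e "$sandbox/victim" ]; then
        echo "symlink target was never created"
    fi
)

demo
```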