[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#20241: Timezones should depend on debian-utils

Manoj Srivastava wrote:
>  (though my toruous shell script can serve to be a poor mans
>  tempfile if tempfile is not available.)

Not on my system, it can't! It has a race condition. As you yourself said:

> The non-tempfile           
> solution is not quite as safe (since a link maybe created ater we              
> test for existence and before we create an empty file, or after we             
> remove and before we create the empty file, but those windows are              
> relatively small.

Yes, you have a race condition there. And yes, similar race conditions have
been successfully exploited. It doesn't matter how small the window is.

A safe way to make a /tmp file:

mkdir /tmp/tmpdir || {
	# You can replace this with something else if you like, perhaps
	# something that tries another directory name.
        echo unable to create temporary directory. Giving up.
        exit 1

mkdir will abort if /tmp/tmpdir.$$ alreay exists, and is atomic so it cannot
be raced. (Warning: I am not a security expert. However, I've seen this
explained several times in the past and I'm pretty sure this is the proper
way to do it.)

see shy jo

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: