
Re: Bug#20241: Timezones should depend on debian-utils



Manoj Srivastava <srivasta@datasync.com> writes:
> Joey> mkdir /tmp/tmpdir.$$ || {
> Joey>     echo unable to create temporary directory. Giving up.
> Joey>     exit 1
> Joey> }
> Joey> tmpfile=/tmp/tmpdir.$$/tmpfile
> 
> Joey> mkdir will abort if /tmp/tmpdir.$$ already exists, and is atomic
> Joey> so it cannot be raced. (Warning: I am not a security
> Joey> expert. However, I've seen this explained several times in the
> Joey> past and I'm pretty sure this is the proper way to do it.)
> 
> 	This suffers from more of a window than my method does. 
>  rm -f $TEMPFILE && touch $TEMPFILE is safer than this.

It's true that since it's not a setuid program that an attacker can repeatedly
invoke (like say ps on some other OSes) the narrowness of the race condition
can help. But that doesn't really make it "safe".

But I have to say Joey's command is the solution I've always seen given as the
correct, safe solution. mkdir is atomic, and once the directory is created
nobody can spoof files in the directory or remove the directory. It does
depend on /tmp having the sticky bit set, and the script running with a safe
umask. But if /tmp doesn't have the sticky bit set then there's no safe way to
use a temporary file there in a shell script.

greg
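
The mkdir approach discussed above, with the two preconditions the message names (sticky bit on the parent directory, restrictive umask) checked explicitly. This is an added example, not code from the thread; the function names `has_sticky_bit` and `make_private_tmpdir` and the variables `tmp_base` and `tmp_dir` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Return 0 if directory $1 has the sticky bit set, i.e. the tenth
# character of its ls mode string is 't' or 'T'.
has_sticky_bit() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        d*[tT]) return 0 ;;
        *)      return 1 ;;
    esac
}

# Create a private directory under $1 (default /tmp) and print its path.
# Fails instead of reusing anything that already exists at that name.
make_private_tmpdir() {
    tmp_base=${1:-/tmp}

    # Without the sticky bit, other users can rename or delete our
    # directory after we create it, so refuse to continue.
    has_sticky_bit "$tmp_base" || {
        echo "refusing: $tmp_base does not have the sticky bit set" >&2
        return 1
    }

    tmp_dir="$tmp_base/tmpdir.$$"

    # mkdir (without -p) fails if the name exists in any form, including
    # a symlink planted in advance, so a pre-created entry is never used.
    # The subshell keeps umask 077 from leaking into the caller; it makes
    # the new directory mode 0700 so nobody else can create files in it.
    (umask 077 && mkdir "$tmp_dir") 2>/dev/null || {
        echo "unable to create temporary directory $tmp_dir. Giving up." >&2
        return 1
    }

    echo "$tmp_dir"
}

# Usage:
#   tmpdir=$(make_private_tmpdir) || exit 1
#   tmpfile=$tmpdir/tmpfile
```
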

