Re: [security question] creating tempfiles]
On Fri, 02 Apr 1999, Wichert Akkerman wrote:
> In general please do use tempfile if possible, since it is a known
> safe method.
I know that there are mktemp(1) and tempfile(1) in Debian but these
programs aren't available on _every_ Unix system. So they are no real
alternative for my needs.
Don't forget, that these two programs create only one file, but I
often need a temporary directory (which additionally makes cleaning up
many temp files at once much easier).
> From: alan@lxorguk.ukuu.org.uk (Alan Cox)
> mkdir will follow dangling symlinks on some platforms
That's a very bad news. Any idea, which platforms have this bug? mkdir
from the GNU File Utilities doesn't seem to have this bug...
> > tmpdir=${TMPDIR-/tmp}/foo.$$
> > mkdir $tmpdir || exit 1
> > trap "rm -rf $tmpdir; exit" 0 1 2 3 15
> There is a tool called mktemp specifically designed for this. its an
> openbsd tool - very useful for script writers
But it only supports files (not directories) and it isn't available
on every system. But I use sh-scripts especially to write portable
"programs". When the user has to install mktemp first, this is a big
drawback.
> On some platforms, the program called 'mktemp' is a security
> disaster area - it chooses a predictable name and makes the file
> unsafely. On RedHat Linux it's fine though.
That's another reason for not using mktemp.
Isn't there any alternative method for creating secure temporary
directories/files only with sh internals or binaries which are
available on _every_ system?
Ciao
Roland
--
* roland@spinnaker.de * http://www.spinnaker.de/ *
PGP: 1024/DD08DD6D 2D E7 CC DE D5 8D 78 BE 3C A0 A4 F1 4B 09 CE AF
Reply to: