Re: [security question] creating tempfiles]
In article <19990402204449.H324@spinnaker.rhein.de> you write:
>> mkdir will follow dangling symlinks on some platforms
>That's a very bad news. Any idea, which platforms have this bug? mkdir
>from the GNU File Utilities doesn't seem to have this bug...
I realize that this isn't a perfect solution, but how about
using mkdir while checking first that a symlink with the same
name doesn't already exist...
The only limitations I see are:
- if another file or a symlink already exists, you will have problems.
- race condition between checking if the file is a symlink and
actually creating the directory?
In my .zshenv file (I use zsh for my shell), I have it automatically
create a temp directory called /tmp/bam. If this succeeds, I set
TMP=/tmp/bam. If it fails, I set TMP=/tmp. This isn't perfect,
but at least it is better then unconditionally using /tmp. Another
alternative for the paranoid would be $HOME/tmp, if /tmp/bam failed.