Re: [security question] creating tempfiles]

To: debian-devel@lists.debian.org
Subject: Re: [security question] creating tempfiles]
From: Brian May <bam@snoopy.apana.org.au>
Date: Sat, 03 Apr 1999 17:27:46 +1000
Message-id: <[🔎] 19990403072746.26732.qmail@snoopy.apana.org.au>
Reply-to: bam@snoopy.apana.org.au
In-reply-to: <[🔎] 19990402204449.H324@spinnaker.rhein.de>
References: <[🔎] 19990402131936.E5756@cs.leidenuniv.nl>

In article <[🔎] 19990402204449.H324@spinnaker.rhein.de> you write:
>> mkdir will follow dangling symlinks on some platforms
>
>That's a very bad news. Any idea, which platforms have this bug? mkdir 
>from the GNU File Utilities doesn't seem to have this bug...

I realize that this isn't a perfect solution, but how about
using mkdir while checking first that a symlink with the same
name doesn't already exist...

The only limitations I see are:
- if another file or a symlink already exists, you will have problems.
- race condition between checking if the file is a symlink and
  actually creating the directory?

In my .zshenv file (I use zsh for my shell), I have it automatically
create a temp directory called /tmp/bam. If this succeeds, I set
TMP=/tmp/bam. If it fails, I set TMP=/tmp. This isn't perfect,
but at least it is better then unconditionally using /tmp. Another
alternative for the paranoid would be $HOME/tmp, if /tmp/bam failed.

Reply to:

References:
- Re: [security question] creating tempfiles]
  - From: Wichert Akkerman <wichert@cs.leidenuniv.nl>
- Re: [security question] creating tempfiles]
  - From: Roland Rosenfeld <roland@spinnaker.rhein.de>

Prev by Date: Re: bruce back online
Next by Date: Re: ldd is missing
Previous by thread: Re: [security question] creating tempfiles]
Next by thread: Re: [security question] creating tempfiles]
Index(es):
- Date
- Thread