[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [security question] creating tempfiles]



In article <19990402204449.H324@spinnaker.rhein.de> you write:
>> mkdir will follow dangling symlinks on some platforms
>
>That's a very bad news. Any idea, which platforms have this bug? mkdir 
>from the GNU File Utilities doesn't seem to have this bug...

I realize that this isn't a perfect solution, but how about
using mkdir while checking first that a symlink with the same
name doesn't already exist...

The only limitations I see are:
- if another file or a symlink already exists, you will have problems.
- race condition between checking if the file is a symlink and
  actually creating the directory?

In my .zshenv file (I use zsh for my shell), I have it automatically
create a temp directory called /tmp/bam. If this succeeds, I set
TMP=/tmp/bam. If it fails, I set TMP=/tmp. This isn't perfect,
but at least it is better then unconditionally using /tmp. Another
alternative for the paranoid would be $HOME/tmp, if /tmp/bam failed.


Reply to: