
Re: [security question] creating tempfiles]

On Sat, Apr 03, 1999 at 05:23:22PM -0500, Jonathan P Tomer wrote:
> Roland Rosenfeld <roland@spinnaker.rhein.de> writes:
> > Isn't there any alternative method for creating secure temporary
> > directories/files only with sh internals or binaries which are
> > available on _every_ system?

> well, the script you had was pretty good except that mkdir will follow
> dangling symlinks on some systems -- you can modify it to die if the chosen
> temp directory exists already:

> #!/bin/ksh
> tmpdir="${TMPDIR:-/tmp}/temp_$$"
> if [ -e "$tmpdir" ]; then
>   echo "$tmpdir exists! remove it before continuing."
>   exit 1
> fi
> (umask 077 && mkdir "$tmpdir") || { echo "failed to create $tmpdir!"; exit 1; }
> ...

> which is both portable and safe, unless i've missed something (which is not
> unlikely; i don't do this sort of thing often).

There is a race condition in that. The attacker could create the symlink
after you made the test and before the mkdir.

I do not think that there is a portable and safe way to create temporary
files, using only standard shell tools. I would use mktemp for files.
For directories, a small C program could be written, but there is no
standard tool.

You could create the directory in the user's home directory, if that is
appropriate for the application. If the script would be run by system
accounts with a home directory that they do not own or that others can
write to, you can't do that either.


> --phouchg
> "Reasoning is partly insane" --Rush, "Anagram (for Mongo)"
> PGP 5.0 key (0xE024447449) at http://cif.rochester.edu/~phouchg/pgpkey.txt

- Unix: You think it won't work, but if you find the right wizard, he can
 make it work.
- Macintosh: You think it will work, but it won't.
- PC/Windows: You think it won't work, and it won't.
			-- Philip Greenspun
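
The "small C program" for directories mentioned in the reply could be built around the two functions below. This is an added example, not code from the thread; the function names, the `temp_` prefix and the retry limit of 100 are assumptions, and it relies on POSIX mkdir(2) failing with EEXIST for any existing name, symlinks included.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdir(2) is check and create in one system call: if the name already
 * exists in any form (file, directory, symlink, dangling or not) it fails
 * with EEXIST, so there is no gap between a test and the creation. */
int create_exclusive_dir(const char *path)
{
    struct stat st;

    if (mkdir(path, 0700) != 0)
        return -1;                      /* errno from mkdir, e.g. EEXIST */
    /* Confirm the result: a directory, ours, no group/other access. */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* Try unpredictable names under base; on success the path is in out. */
int make_private_tmpdir(const char *base, char *out, size_t outlen)
{
    unsigned long r;
    int attempt, n, fd = open("/dev/urandom", O_RDONLY);

    for (attempt = 0; fd >= 0 && attempt < 100; attempt++) {
        if (read(fd, &r, sizeof r) != (ssize_t)sizeof r)
            break;
        n = snprintf(out, outlen, "%s/temp_%lx", base, r);
        if (n < 0 || (size_t)n >= outlen)
            break;
        if (create_exclusive_dir(out) == 0) {
            close(fd);
            return 0;
        }
        if (errno != EEXIST)
            break;                      /* real error: do not retry */
    }
    if (fd >= 0)
        close(fd);
    return -1;
}
```

An existing name is never reused: EEXIST only moves on to the next candidate, so a planted file or symlink costs a retry and nothing more.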
