Re: mktemp() and friends
Theo de Raadt (deraadt cvs.openbsd.org)
Tue, 24 Dec 1996 12:59:09 -0700
- Next message: Casper Dik: "Re: mktemp() and friends"
- Previous message: Benedikt Stockebrand: "Re: mktemp() and friends"
- In reply to: Benedikt Stockebrand: "Re: mktemp() and friends"
- Next in thread: Benedikt Stockebrand: "Temporary Files (was Re: mktemp() and friends)"
> A more reasonable approach would be to use $UID and/or $$ and/or
> $RANDOM and/or `date +%s` (if you've got a GNU date) in the file name.
> Like /tmp/cron.daily.`date +%s`.$$ --- one of my favourites.

Do not use this technique in shell scripts! This is a security hole!

Yes, I know.... every example shell script on every unix operating
system you've ever used does it wrong. Yes, even such simple stuff as
mkdep(1) gets it wrong. Even those should be fixed!

The best safe technique which I know of (as also demonstrated in the
SNI advisory and in numerous OpenBSD shell scripts) is:

    umask 077    # you may want this
    DIR=/tmp/_dirname$$
    FILE=$DIR/_filename
    if ! mkdir "$DIR" ; then
        # be nice if an error happens; i.e. warn about DOS attacks
        printf "tmp directory %s already exists, looks like:\n" "$DIR"
        ls -alF "$DIR"
        exit 1
    fi

    # directory will get cleaned on exit or failure
    trap 'rm -rf "$DIR"' 0 1 2 3 4 5 6 7 8 10 11 12 13 14 15

    # From this point on you can safely play with $FILE, since you know it
    # cannot have been spoofed via symbolic link games.
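
The difference between the two patterns discussed in this message, as an added example that is not part of the original post: inside a private sandbox directory it shows a shell redirect following a symlink that already occupies a guessable file name, while mkdir refuses the same situation. SANDBOX, VICTIM and the function names are hypothetical, and the symlinks are constructed test fixtures.

```shell
#!/bin/sh
# Added example (constructed); SANDBOX, VICTIM and the function names are
# hypothetical. Everything happens in a private sandbox, not in /tmp.
SANDBOX=$(mktemp -d) || exit 1      # stands in for a shared temp directory
VICTIM="$SANDBOX/victim.txt"        # a file the script's user may write to
trap 'rm -rf "$SANDBOX"' 0          # clean up on exit, as in the post

# Guessable file name: returns 0 if writing to it changed VICTIM.
predictable_file_clobbers() {
    printf 'original\n' > "$VICTIM"
    name="$SANDBOX/cron.daily.$$"
    ln -s "$VICTIM" "$name"            # name already taken by a symlink
    printf 'scratch data\n' > "$name"  # the redirect follows the link
    rm -f "$name"
    [ "$(cat "$VICTIM")" != "original" ]
}

# mkdir pattern: returns 0 if mkdir refused the taken name and VICTIM is intact.
mkdir_refuses_planted_name() {
    printf 'original\n' > "$VICTIM"
    dir="$SANDBOX/_dirname$$"
    ln -s "$VICTIM" "$dir"             # same situation, directory name taken
    if (umask 077; mkdir "$dir") 2>/dev/null; then
        rm -rf "$dir"
        return 1
    fi
    rm -f "$dir"
    [ "$(cat "$VICTIM")" = "original" ]
}

# Normal case: prints the permission string of a freshly created directory.
private_dir_mode() {
    dir="$SANDBOX/_dirname$$"
    (umask 077; mkdir "$dir") || return 1
    ls -ld "$dir" | cut -c1-10
    rm -rf "$dir"
}

predictable_file_clobbers && echo "predictable file: victim overwritten via symlink"
mkdir_refuses_planted_name && echo "mkdir pattern: taken name rejected, victim intact"
echo "private directory mode: $(private_dir_mode)"
```

mkdir fails with "File exists" for any existing name, symlink or not, which is why the script in the message can treat a successful mkdir as proof that it owns the directory.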