Re: [security question] creating tempfiles]

To: debian-devel@lists.debian.org
Subject: Re: [security question] creating tempfiles]
From: Jonathan P Tomer <phouchg@cif.rochester.edu>
Date: Sat, 03 Apr 1999 17:23:22 -0500
Message-id: <[🔎] 199904032223.RAA26298@roundtable.cif.rochester.edu>
In-reply-to: Your message of "Sat, 03 Apr 1999 11:51:35 EST." <[🔎] m10TTdv-0006GiC@vanzandt.mv.com>

Roland Rosenfeld <roland@spinnaker.rhein.de> writes:
> Isn't there any alternative method for creating secure temporary
> directories/files only with sh internals or binaries which are
> available on _every_ system?

well, the script you had was pretty good except that mkdir will follow
dangling symlinks on some systems -- you can modify it to die if the chosen
temp directory exists already:

#!/bin/ksh
tmpdir="${TMPDIR:-/tmp}/temp_$$"
if [ -e $tmpdir ]; then
  echo "$tmpdir exists! remove it before continuing."
  exit 1
fi
(umask 077 && mkdir $tempdir) || { echo "failed to create $tmpdir!"; exit 1 }
...

which is both portable and safe, unless i've missed something (which is not
unlikely; i don't do this sort of thing often).

--phouchg
"Reasoning is partly insane" --Rush, "Anagram (for Mongo)"
PGP 5.0 key (0xE024447449) at http://cif.rochester.edu/~phouchg/pgpkey.txt

Reply to:

Follow-Ups:
- Re: [security question] creating tempfiles]
  - From: Galen Hancock <galenh@bigfoot.com>

References:
- Re: [security question] creating tempfiles]
  - From: "James R. Van Zandt" <jrv@vanzandt.mv.com>

Prev by Date: Re: Howto implement device detection without thrashing
Next by Date: Re: Where is the source code for fvwm95 2.0.43a?
Previous by thread: Re: [security question] creating tempfiles]
Next by thread: Re: [security question] creating tempfiles]
Index(es):
- Date
- Thread