Re: [security question] creating tempfiles]
Roland Rosenfeld <roland@spinnaker.rhein.de> writes:
> Isn't there any alternative method for creating secure temporary
> directories/files only with sh internals or binaries which are
> available on _every_ system?
well, the script you had was pretty good except that mkdir will follow
dangling symlinks on some systems -- you can modify it to die if the chosen
temp directory exists already:
#!/bin/ksh
tmpdir="${TMPDIR:-/tmp}/temp_$$"
if [ -e $tmpdir ]; then
echo "$tmpdir exists! remove it before continuing."
exit 1
fi
(umask 077 && mkdir $tempdir) || { echo "failed to create $tmpdir!"; exit 1 }
...
which is both portable and safe, unless i've missed something (which is not
unlikely; i don't do this sort of thing often).
--phouchg
"Reasoning is partly insane" --Rush, "Anagram (for Mongo)"
PGP 5.0 key (0xE024447449) at http://cif.rochester.edu/~phouchg/pgpkey.txt
Reply to: