Bugtraq mailing list archives
Re: mktemp() and friends
From: deraadt () cvs openbsd org (Theo de Raadt)
Date: Tue, 24 Dec 1996 12:59:09 -0700
A more reasonable approach would be to use $UID and/or $$ and/or $RANDOM and/or `date +%s` (if you've got a GNU date) in the file name. Like /tmp/cron.daily.`date +%s`.$$ --- one of my favourites.
Do not use this technique in shells scripts! This is a security hole! Yes, I know.... every example shell script on every unix operating system you've ever used does it wrong. Yes, even such simple stuff as mkdep(1) gets it wrong. Even those should be fixed! The best safe technique which I know of (as also demonstrated in the SNI advisory and in numerous OpenBSD shells scripts) is: umask 077 # you may want this DIR=/tmp/_dirname$$ FILE=$DIR/_filename if ! mkdir $DIR ; then # be nice if an error happens; ie. warn about DOS attacks printf "tmp directory %s already exists, looks like:\n" $DIR ls -alF $DIR exit 1 fi # directory will get cleaned on exit or failure trap 'rm -rf $DIR' 0 1 2 3 4 5 6 7 8 10 11 12 13 14 15 # From this point on you can safely play with $FILE, since you know it # cannot have been spoofed via symbolic link games.
Current thread:
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Uriel Maimon (Dec 23)
- <Possible follow-ups>
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Steve \ (Dec 24)
- Re: mktemp() and friends Casper Dik (Dec 24)
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Benedikt Stockebrand (Dec 23)
- Re: mktemp() and friends Theo de Raadt (Dec 24)
- Re: mktemp() and friends D. J. Bernstein (Dec 24)
- Re: mktemp() and friends SGI Security Coordinator (Dec 24)
- Re: mktemp() and friends Darren Reed (Dec 23)