Bugtraq mailing list archives

Re: mktemp() and friends


From: deraadt () cvs openbsd org (Theo de Raadt)
Date: Tue, 24 Dec 1996 12:59:09 -0700


A more reasonable approach would be to use $UID and/or $$ and/or
$RANDOM and/or `date +%s` (if you've got a GNU date) in the file name.
Like /tmp/cron.daily.`date +%s`.$$ --- one of my favourites.

Do not use this technique in shell scripts!  This is a security hole!

Yes, I know.... every example shell script on every unix operating
system you've ever used does it wrong.  Yes, even such simple stuff as
mkdep(1) gets it wrong.  Even those should be fixed!

The best safe technique which I know of (as also demonstrated in the
SNI advisory and in numerous OpenBSD shell scripts) is:

umask 077               # you may want this

DIR=/tmp/_dirname$$
FILE=$DIR/_filename

if ! mkdir "$DIR" ; then
        # be nice if an error happens; ie. warn about DOS attacks
        printf "tmp directory %s already exists, looks like:\n" "$DIR"
        ls -alF "$DIR"
        exit 1
fi

# directory will get cleaned on exit or failure
trap 'rm -rf "$DIR"' 0 1 2 3 4 5 6 7 8 10 11 12 13 14 15

# From this point on you can safely play with $FILE, since you know it
# cannot have been spoofed via symbolic link games.
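
The following is an added worked example, not part of the post above and
not OpenBSD code: it puts the unsafe "/tmp/name.$$" redirect next to the
mkdir-based technique and simulates the attack against both. The function
names (unsafe_write, safe_mkdir, demo_symlink_attack, demo_mkdir_refuses)
and the TMPBASE variable are this example's own; it assumes a POSIX sh and
a writable $TMPDIR or /tmp.

```sh
#!/bin/sh
# Added example (not from the original post): predictable tmp names vs. mkdir.
# Function and variable names are this example's own assumptions.

TMPBASE="${TMPDIR:-/tmp}"

# The unsafe pattern: open(O_CREAT) via a plain redirect.  If an attacker
# has pre-planted a symlink at the predictable name, the redirect follows
# it and creates or truncates whatever the attacker pointed it at.
unsafe_write() {
    # $1 = path to write
    echo "log data" > "$1"
}

# The safe pattern: mkdir(2) is atomic and never follows a symlink; it
# fails with EEXIST if anything at all (file, directory, even a dangling
# symlink) already occupies the name.  Returns 0 with the directory
# created mode 0700, 1 if the name was already taken.
safe_mkdir() {
    # $1 = directory path to create
    _old_umask=$(umask)
    umask 077                       # private from the moment it exists
    if mkdir "$1" 2>/dev/null; then
        umask "$_old_umask"
        return 0
    fi
    umask "$_old_umask"
    printf 'tmp directory %s already exists, looks like:\n' "$1" >&2
    ls -ldF "$1" >&2                # -d: show the entry itself, not through a link
    return 1
}

# Simulate the attack: a dangling symlink is planted at the predictable
# name before the "victim" writes to it.  Returns 0 if the unsafe write
# was redirected into the attacker's target, 1 otherwise.
demo_symlink_attack() {
    _predictable="$TMPBASE/_demo_victim.$$"
    _target="$TMPBASE/_demo_target.$$"
    rm -f "$_predictable" "$_target"
    ln -s "$_target" "$_predictable"
    unsafe_write "$_predictable"
    if [ -f "$_target" ]; then _rc=0; else _rc=1; fi
    rm -f "$_predictable" "$_target"
    return $_rc
}

# Same planted symlink against safe_mkdir.  Returns 0 if safe_mkdir
# refused to use the name (correct), 1 if it went ahead.
demo_mkdir_refuses() {
    _predictable="$TMPBASE/_demo_dir.$$"
    _target="$TMPBASE/_demo_dir_target.$$"
    rm -rf "$_predictable" "$_target"
    ln -s "$_target" "$_predictable"
    if safe_mkdir "$_predictable" 2>/dev/null; then _rc=1; else _rc=0; fi
    rm -rf "$_predictable" "$_target"
    return $_rc
}

# Stand-alone driver: show both outcomes, then use the safe directory the
# way the post does (private dir, files inside it, cleanup on exit/signal).
if demo_symlink_attack; then
    echo "unsafe_write: redirect followed the planted symlink (vulnerable)"
fi
if demo_mkdir_refuses; then
    echo "safe_mkdir: refused the planted name (safe)"
fi
DIR="$TMPBASE/_demo_work.$$"
if safe_mkdir "$DIR"; then
    trap 'rm -rf "$DIR"' 0 1 2 3 15
    FILE="$DIR/_filename"
    echo "work" > "$FILE"           # safe: $DIR is ours and mode 0700
    echo "created $FILE"
fi
```

Note that mkdir refuses the planted name only because the name did not
exist as a directory the attacker could get into; the protection comes
from the atomic create-or-fail of mkdir(2) plus the 077 umask, not from
the $$ suffix, which an attacker can still predict.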
