URL:
  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=14386>

                 Summary: updatedb relies on mktemp, which is not portable
                 Project: findutils
            Submitted by: ericb
            Submitted on: Sat 09/03/05 at 08:27
                Category: updatedb
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Eric Blake
        Originator Email: [EMAIL PROTECTED]
             Open/Closed: Open
                 Release: 4.2.25
           Fixed Release: None

    _______________________________________________________

Details:

updatedb assumes that mktemp is on the user's PATH, which is not always the
case. 
http://www.gnu.org/prep/standards/standards.html#Utilities-in-Makefiles does
not include mktemp as a utility that portable programs can assume.  CVS
autoconf documents a more portable way to create secure temp files (actually,
a secure temp directory, where you then store temp files inside):

@item @command{mktemp}
@c -------------------
@prindex @command{mktemp}
@cindex Creating temporary files
Shell scripts can use temporary files safely with @command{mktemp}, but
it does not exist on all systems.  A portable way to create a safe
temporary file name is to create a temporary directory with mode 700 and
use a file inside this directory.  Both methods prevent attackers from
gaining control, though @command{mktemp} is far less likely to fail
gratuitously under attack.

Here is sample code to create a new temporary directory safely:

@example
# Create a temporary directory $tmp in $TMPDIR (default /tmp).
# Use mktemp if possible; otherwise fall back on mkdir,
# with $RANDOM to make collisions less likely.
: $@{TMPDIR=/tmp@}
@{
  tmp=`
    (umask 077 && mktemp -d "$TMPDIR/fooXXXXXX") 2>/dev/null
  ` &&
  test -n "$tmp" && test -d "$tmp"
@} || @{
  tmp=$TMPDIR/foo$$-$RANDOM
  (umask 077 && mkdir "$tmp")
@} || exit $?
@end example








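The mktemp-then-mkdir fallback quoted above, wrapped as functions so that its behaviour on a name collision can be checked. This is an added example, not code from the bug report, findutils or the Autoconf manual; the names `make_tmpdir` and `fallback_tmpdir` and the optional second argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: portable creation of a private temporary directory.

# fallback_tmpdir PATH
# Create PATH with plain mkdir (no -p). mkdir fails when the name already
# exists, including when it is a symlink, so an entry planted by another
# user is never reused; the caller gets a failure instead.
fallback_tmpdir() {
  (umask 077 && mkdir "$1") 2>/dev/null || return 1
  printf '%s\n' "$1"
}

# make_tmpdir PREFIX [USE_MKTEMP]
# Print the path of a new mode-700 directory under $TMPDIR (default /tmp).
# USE_MKTEMP=no skips mktemp (hypothetical switch, used to exercise the
# fallback on systems that do have mktemp).
make_tmpdir() {
  mt_prefix=$1
  mt_use=${2-yes}
  mt_base=${TMPDIR-/tmp}
  mt_dir=
  if test "$mt_use" = yes && command -v mktemp >/dev/null 2>&1; then
    # "|| mt_dir=" keeps a mktemp failure from aborting a caller using set -e.
    mt_dir=`(umask 077 && mktemp -d "$mt_base/${mt_prefix}XXXXXX") 2>/dev/null` ||
      mt_dir=
  fi
  if test -n "$mt_dir" && test -d "$mt_dir"; then
    printf '%s\n' "$mt_dir"
    return 0
  fi
  # $RANDOM is empty in shells that lack it; $$ still varies per process.
  fallback_tmpdir "$mt_base/$mt_prefix$$-$RANDOM"
}

# Typical use in a script (commented out so sourcing has no side effects):
#   tmp=`make_tmpdir updatedb` || exit $?
#   trap 'rm -rf "$tmp"' 0
#   trap 'exit 1' 1 2 15
```

A caller should treat a non-zero status as fatal rather than retrying with a guessable name, since the failure may mean the name was taken deliberately.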