On Wed, Dec 14, 2011 at 8:37 PM, Bob Proulx <[email protected]> wrote:
> Peng Yu wrote:
>> man mktemp says "Create a temporary file or directory, safely, and
>> print its name."
>>
>> I'm wondering what it means by "safely".
>>
>> Does mktemp test if there is already a tempfile with the given name?
>> If there is indeed with the same file name, will mktemp use a
>> different name rather than overwrite the one with the original name?
>
> Yes to all. Using mktemp solves the problem of creating a program
> specific temporary filename in all of the right ways. Add whatever
> modifier you wish such as safely, robustly, without race condition,
> without predictability, avoiding known attack vectors, other things.
> It would be difficult to sum up all of the "goodness" into a small
> concise sentence.
>
> The documentation for mktemp explains this in some detail:
>
> Older scripts used to create temporary files by simply joining the

Hi Bob,

Obviously, you are referring to the info page. I was referring to the man page. But anyway, both documents used "safely" without explicit definition.

For the info page, the first paragraph after the synopsis can be simply improved as the following. By moving the second paragraph to the first one, it implies that safely means what was originally in the second paragraph (starting with "Older"). Since the TEMPLATE is explicitly mentioned in the new second paragraph, people know what it refers to, so it doesn't need to immediately follow "Safely create a temporary file or directory based on TEMPLATE".

"""
Safely create a temporary file or directory based on TEMPLATE, and print its name. Older scripts used to create temporary files by simply joining the name of the program with the process id (`$$') as a suffix. However, that naming scheme is easily predictable, and suffers from a race condition where the attacker can create an appropriately named symbolic link, such that when the script then opens a handle to what it thought was an unused file, it is instead modifying an existing file. Using the same scheme to create a directory is slightly safer, since the `mkdir' will fail if the target already exists, but it is still inferior because it allows for denial of service attacks. Therefore, modern scripts should use the `mktemp' command to guarantee that the generated name will be unpredictable, and that knowledge of the temporary file name implies that the file was created by the current script and cannot be modified by other users.

If given, TEMPLATE must include at least three consecutive `X's in the last component. If omitted, the template `tmp.XXXXXXXXXX' is used, and option `--tmpdir' is implied. The final run of `X's in the TEMPLATE will be replaced by alpha-numeric characters; thus, on a case-sensitive file system, and with a TEMPLATE including a run of N instances of `X', there are `62**N' potential file names.
"""

For the man page, it should be self-contained.
Clearly the man page doesn't have any explanation for "safely". It should have at least a sentence explaining what "safely" means, or at least refer to the info page (I'm not referring to the reference at the bottom, as that one is not specific to the word "safely").

But if a reference is going to be added anyway, I'm wondering about the necessity of making the info and man pages different. I understand the idea of making the man page shorter and more concise and making the info page longer and more descriptive. But is it better to keep all the documents in the same place? After all, many languages (e.g., perl and python) only have one set of documents. People make the choice on what they should read. So why does the documentation writer make the choice for them?

--
Regards,
Peng
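
Added example, not part of the original message or of the coreutils documentation: a shell sketch of what "safely" means in the info-page text quoted above, comparing the `$$'-suffix scheme with `mktemp' when the predictable name is already a symbolic link. The names `myprog', `important.txt' and the three function names are assumptions made for the illustration, and everything happens inside a private sandbox directory.

```shell
#!/bin/sh
# Added illustration; names and file contents are constructed for the demo.

# Legacy scheme: program name plus process id, opened with a plain
# redirection. If that name already exists as a symlink, the write
# goes to whatever the symlink points at.
unsafe_tmp() {
    f="$1/myprog.$$"
    echo "scratch data" > "$f"
    printf '%s\n' "$f"
}

# mktemp scheme: an unpredictable name, created exclusively by mktemp
# itself, so an existing file or symlink is never reused.
safe_tmp() {
    f=$(mktemp "$1/myprog.XXXXXXXXXX") || return 1
    echo "scratch data" > "$f"
    printf '%s\n' "$f"
}

# Sets up a sandbox in which the predictable name is already taken by a
# symlink to an existing file, runs the creator named in $1, and prints
# what the existing file contains afterwards.
victim_after() {
    sandbox=$(mktemp -d) || return 1
    victim="$sandbox/important.txt"
    echo "original contents" > "$victim"
    ln -s "$victim" "$sandbox/myprog.$$"   # constructed precondition
    "$1" "$sandbox" > /dev/null
    cat "$victim"
    rm -rf "$sandbox"
}

echo "after \$\$-suffix scheme: $(victim_after unsafe_tmp)"
echo "after mktemp:           $(victim_after safe_tmp)"
```
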
