Naturally, I write a lot of scripts to solve various problems that I need to automate in some way or another. The majority of these scripts tend to be non-trivial, and I need temporary files at some point. I wonder how most people code their use of temp. files so that these files are secure from prying eyes or modification. To date I have used two methods, and currently favor the first listed below.
1. Creating a temporary directory: mkdir -m 700 /tmp/$$ || exit 1 cd /tmp/$$ echo blah, blah > file1 echo blah, blah > file2 rm -f file1 file2 cd / rmdir /tmp/$$ exit 0 2. Explicitly setting my umask. umask 077 echo blah, blah > /tmp/file1 echo blah, blah > /tmp/file2 rm -f /tmp/file1 /tmp/file2 exit 0 What are the general thoughts on the best way to do this? Is there an alternative that I should be considering? What I like about the first method is that I don't need to worry about anything being put there while I'm not looking. This way I can relax a bit more when dumping to and reading from my temporary files. Am I wrong about feeling safe? With the second method I could blow away /etc/passwd or something if an attacker makes any level of effort. In my mind the second method requires a lot more checking on my part, and even with checking I can't get around several race conditions in a shell script. --- Dustin Puryear <[EMAIL PROTECTED]> Puryear Information Technology, LLC <http://www.puryear-it.com> Providing expertise in the management, integration, and security of Windows and UNIX systems, networks, and applications.
