On 2003.07.10 14:32 Dustin Puryear wrote:
> Naturally, I write a lot of scripts to solve various problems that I need
> to automate in some way or another. The majority of these scripts tend to
> be non-trivial, and I need temporary files at some point. I wonder how most
> people code their use of temp. files so that these files are secure from
> prying eyes or modification. To date I have used two methods, and currently
> favor the first listed below.
>
> 1. Creating a temporary directory:
>
>     mkdir -m 700 /tmp/$$ || exit 1
>     cd /tmp/$$
>     echo blah, blah > file1
>     echo blah, blah > file2
>     rm -f file1 file2
>     cd /
>     rmdir /tmp/$$
>     exit 0
>
> 2. Explicitly setting my umask.
>
>     umask 077
>     echo blah, blah > /tmp/file1
>     echo blah, blah > /tmp/file2
>     rm -f /tmp/file1 /tmp/file2
>     exit 0
>
> What are the general thoughts on the best way to do this? Is there an
> alternative that I should be considering?
>
> What I like about the first method is that I don't need to worry about
> anything being put there while I'm not looking. This way I can relax a bit
> more when dumping to and reading from my temporary files. Am I wrong about
> feeling safe? With the second method I could blow away /etc/passwd or
> something if an attacker makes any level of effort. In my mind the second
> method requires a lot more checking on my part, and even with checking I
> can't get around several race conditions in a shell script.
>
ramdisk?
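
The private-directory approach (method 1 in the quoted message), written out as an added example that is not part of the thread: claim_dir wraps the mkdir call from the message, and make_scratch does the same job with an unpredictable name from mktemp -d, which is a swapped-in tool the message does not mention. The function names, the SCRATCH variable and the scratch.XXXXXXXXXX template are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# Method 1 as posted: mkdir either creates the directory itself or fails.
# It fails on ANY existing path, including a symlink someone else placed at
# the predictable name, so checking its exit status is what makes it safe.
claim_dir() {
    mkdir -m 700 "$1" 2>/dev/null
}

# Same idea with an unpredictable name: mktemp -d creates a mode-700
# directory atomically. The path goes into SCRATCH rather than stdout so
# that the calling shell, not a command-substitution subshell, owns cleanup.
make_scratch() {
    base=${1:-${TMPDIR:-/tmp}}
    SCRATCH=$(mktemp -d "$base/scratch.XXXXXXXXXX" 2>/dev/null) || return 1
    # Check what we got before writing anything into it.
    [ -d "$SCRATCH" ] && [ ! -L "$SCRATCH" ] || return 1
    case $(ls -ld "$SCRATCH") in
        drwx------*) ;;          # owner-only access, as expected
        *) return 1 ;;
    esac
}

# Remove the scratch directory; safe to call more than once.
cleanup_scratch() {
    [ -n "${SCRATCH:-}" ] && rm -rf -- "$SCRATCH"
    SCRATCH=
}

# Typical use inside a script:
#   make_scratch || exit 1
#   trap cleanup_scratch EXIT        # clean up on normal exit
#   trap 'exit 1' HUP INT TERM       # route signals through the EXIT trap
#   echo blah, blah > "$SCRATCH/file1"
```

The EXIT trap also covers the early-exit paths that the posted scripts would leave uncleaned.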
