If you are worried about the filename and race conditions or dangling symlink attacks, use mktemp to generate the filename instead of $$.
[EMAIL PROTECTED] root]# mktemp $$.XXXXXXXXXX
12231.XXXXZOjP2O

-ray

On 10 Jul 2003, Tim Fournet wrote:

> Method 1 looks good to me, provided that the value of $$ can't be
> guessed by a program looking to subvert you. If something comes along
> right before the script is run and makes the directory beforehand, you
> may not be able to set permissions on it. It may be wise to grab a few
> characters from /dev/random (still not perfect) or something.
>
> -Tim
>
>
> On Thu, 2003-07-10 at 14:32, Dustin Puryear wrote:
> > Naturally, I write a lot of scripts to solve various problems that I need
> > to automate in some way or another. The majority of these scripts tend to
> > be non-trivial, and I need temporary files at some point. I wonder how most
> > people code their use of temp. files so that these files are secure from
> > prying eyes or modification. To date I have used two methods, and currently
> > favor the first listed below.
> >
> > 1. Creating a temporary directory:
> >
> > mkdir -m 700 /tmp/$$ || exit 1
> > cd /tmp/$$
> > echo blah, blah > file1
> > echo blah, blah > file2
> > rm -f file1 file2
> > cd /
> > rmdir /tmp/$$
> > exit 0
> >
> > 2. Explicitly setting my umask.
> >
> > umask 077
> > echo blah, blah > /tmp/file1
> > echo blah, blah > /tmp/file2
> > rm -f /tmp/file1 /tmp/file2
> > exit 0
> >
> > What are the general thoughts on the best way to do this? Is there an
> > alternative that I should be considering?
> >
> > What I like about the first method is that I don't need to worry about
> > anything being put there while I'm not looking. This way I can relax a bit
> > more when dumping to and reading from my temporary files. Am I wrong about
> > feeling safe? With the second method I could blow away /etc/passwd or
> > something if an attacker makes any level of effort. In my mind the second
> > method requires a lot more checking on my part, and even with checking I
> > can't get around several race conditions in a shell script.
> >
> > ---
> > Dustin Puryear <[EMAIL PROTECTED]>
> > Puryear Information Technology, LLC <http://www.puryear-it.com>
> > Providing expertise in the management, integration, and
> > security of Windows and UNIX systems, networks, and applications.
> >
> > _______________________________________________
> > General mailing list
> > [email protected]
> > http://brlug.net/mailman/listinfo/general_brlug.net

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean                                    http://www.r-a-y.org
Systems Engineer                 Southeastern Louisiana University
IBM Certified Specialist     AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
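
The mktemp suggestion applied to Method 1 from the quoted message, as an added example that is not part of the original thread. The function names (workdir_pid, workdir_mktemp, is_private_dir) and the SANDBOX directory, which stands in for /tmp, are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. SANDBOX stands in for /tmp and every
# name below is constructed for the demo.
umask 077

# Method 1 from the thread: name derived from the PID. Fails if anything,
# including a dangling symlink, already exists at that path.
workdir_pid() {
    mkdir -m 700 "$1/$$" 2>/dev/null && printf '%s\n' "$1/$$"
}

# mktemp variant: creates the directory itself, mode 0700, under a name it
# picks, and retries rather than reusing a path that already exists.
workdir_mktemp() {
    mktemp -d "$1/$$.XXXXXXXXXX"
}

# True only for a real directory (not a symlink) owned by us with no
# group/other permission bits.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld "$1") in
        drwx------*) return 0 ;;
        *) return 1 ;;
    esac
}

SANDBOX=$(mktemp -d "${TMPDIR:-/tmp}/tmpdemo.XXXXXXXXXX") || exit 1
trap 'rm -rf "$SANDBOX"' EXIT
trap 'exit 1' HUP INT TERM

# Constructed situation: the PID-named path was taken before we started.
ln -s "$SANDBOX/does-not-exist" "$SANDBOX/$$"

if WORK=$(workdir_pid "$SANDBOX"); then
    echo "pid-named directory created: $WORK"
else
    echo "pid-named directory refused: path already taken"
fi

WORK=$(workdir_mktemp "$SANDBOX") || exit 1
is_private_dir "$WORK" || exit 1
echo "blah, blah" > "$WORK/file1"
echo "private scratch directory: $WORK"
```

In a real script, replace SANDBOX with ${TMPDIR:-/tmp} and point the EXIT trap at the directory mktemp returned.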
