At 1:41 PM -0500 12/29/06, Robert C. Seacord wrote:

> I've seen advice here and there to use the mkdtemp() function to create
> temporary directories, for example:
>
> - Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
> recommends them
>
> - David Wheeler's Secure Programming for Linux and Unix HOWTO at
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
> mentions it may not be a good idea if tmp cleaners are in use (but this
> sort of suggests maybe it is ok if they are not.)
>
> - HP 03 Tru64 UNIX Protecting Your System Against File Name Spoofing
> Attacks. January 2003.
> http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf
>
> - etc.
>
> The mkdtemp() function generates a uniquely-named temporary directory
> from template. This function appears to work exactly like mktemp()
> works for files, except of course mktemp() has been widely discredited
> because of possible TOCTOU conditions and problems generating unique,
> unpredictable names.
>
> So my question is, why is mkdtemp() considered safe? Isn't it also
> susceptible to race conditions? Is there a reason why these race
> conditions are not at issue in this case? Or is it only considered safe
> because there is no alternative?

Not on Unix, but I tend to use temporary names based on the Process ID
that is executing. And of course file protection prevents malevolent access.
But for a temporary file, I will specify a file that is not in any directory.
I presume there is such a capability in Unix.

--
Larry Kilgallen

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
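
An added example, not part of either message above: unlike mktemp(), which only returns a name, POSIX mkdtemp() creates the directory itself with owner-only permissions, and the underlying mkdir(2) fails with EEXIST on any existing name. The C sketch below checks both properties and then opens a file that is unlinked immediately, which is the usual Unix way to get a file with no directory entry. The helper names, the `/tmp/scl-demo-` template and the `planted` and `scratch` names are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdtemp() chooses the name and creates the directory in one call. */
int make_private_dir(char *tmpl) {
    struct stat st;
    if (mkdtemp(tmpl) == NULL) return -1;
    /* Verify without following links: a directory, mode 0700, owned by us. */
    if (lstat(tmpl, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return ((st.st_mode & 0777) == 0700 && st.st_uid == geteuid()) ? 0 : -1;
}

/* mkdir(2) refuses a name that already exists, even a dangling symlink,
   so a pre-created entry is never adopted as the new directory.
   Returns 1 if the call was refused with EEXIST. */
int mkdir_refuses_existing(const char *dir) {
    char name[4096];
    snprintf(name, sizeof name, "%s/planted", dir);  /* constructed name */
    if (symlink("/nonexistent-target", name) != 0) return -1;
    int refused = (mkdir(name, 0700) == -1 && errno == EEXIST);
    unlink(name);
    return refused;
}

/* Create a file exclusively inside the private directory, then unlink it.
   The descriptor stays usable; the file has no name in any directory. */
int open_unnamed_file(const char *dir) {
    char path[4096];
    snprintf(path, sizeof path, "%s/scratch", dir);  /* constructed name */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 && unlink(path) != 0) { close(fd); return -1; }
    return fd;
}

int main(void) {
    char tmpl[] = "/tmp/scl-demo-XXXXXX";  /* constructed template */
    if (make_private_dir(tmpl) != 0) return 1;
    printf("dir=%s refused=%d\n", tmpl, mkdir_refuses_existing(tmpl));
    int fd = open_unnamed_file(tmpl);
    struct stat st;
    if (fd >= 0 && fstat(fd, &st) == 0) printf("links=%ld\n", (long)st.st_nlink);
    if (fd >= 0) close(fd);
    return rmdir(tmpl) != 0;
}
```

The ownership and mode check after mkdtemp() is a defensive verification added here; it assumes a umask that leaves the owner bits set.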