At 1:41 PM -0500 12/29/06, Robert C. Seacord wrote:
> I've seen advice here and there to use the mkdtemp() function to create
> temporary directories, for example:
> 
> - Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
> recommends them
> 
> - David Wheeler's Secure Programming for Linux and Unix HOWTO at
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
> mentions it may not be a good idea if tmp cleaners are in use (but this
> sort of suggests maybe it is ok if they are not.)
> 
> - HP 03 Tru64 UNIX Protecting Your System Against File Name Spoofing
> Attacks. January 2003. 
> http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf
> 
> - etc.
> 
> The mkdtemp() function generates a uniquely-named temporary directory
> from template.  This function appears to work exactly like mktemp()
> works for files, except of course mktemp() has been widely discredited
> because of possible TOCTOU conditions and problems generating unique,
> unpredictable names.
> 
> So my question is, why is mkdtemp() considered safe?  Isn't it also
> susceptible to race conditions?  Is there a reason why these race
> conditions are not at issue in this case?  Or is it only considered safe
> because there is no alternative?

Not on Unix, but I tend to use temporary names based on the Process ID
that is executing.  And of course file protection prevents malevolent
access.

But for a temporary file, I will specify a file that is not in any
directory.  I presume there is such a capability in Unix.
-- 
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
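
Added example, not part of either message above: a C sketch for a POSIX.1-2008 system showing that mkdtemp() chooses the name and creates the directory in a single call, that the underlying mkdir() refuses a name that already exists (even as a symlink), and that a file with no directory entry can be made on Unix by unlinking it right after creation. The function names and the /tmp/scl-* templates are illustrative assumptions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdtemp() picks the name and mkdir()s it (mode 0700) in one call, so there
 * is no window between choosing a name and creating it as with mktemp(). */
int make_private_dir(char *path, size_t len)
{
    struct stat st;
    if (snprintf(path, len, "/tmp/scl-demo.XXXXXX") >= (int)len) return -1;
    if (mkdtemp(path) == NULL) return -1;
    /* Confirm the result: a real directory, ours, closed to group/other. */
    if (lstat(path, &st) != 0 || !S_ISDIR(st.st_mode) ||
        st.st_uid != geteuid() || (st.st_mode & 077) != 0) return -1;
    return 0;
}

/* Why the creation step holds up: mkdir() on a name that already exists,
 * even a dangling symlink, fails with EEXIST. Returns the errno observed. */
int mkdir_on_existing_name(const char *dir)
{
    char name[256];
    snprintf(name, sizeof name, "%s/planted", dir);
    if (symlink("/nonexistent/target", name) != 0) return -1;
    int err = (mkdir(name, 0700) == -1) ? errno : 0;
    unlink(name);
    return err;
}

/* A file "not in any directory": mkstemp() creates it exclusively with mode
 * 0600, then its only name is removed while the descriptor stays usable. */
int anonymous_file(void)
{
    char tmpl[] = "/tmp/scl-anon.XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd >= 0) unlink(tmpl);
    return fd;
}

int main(void)
{
    char dir[64];
    if (make_private_dir(dir, sizeof dir) != 0) return 1;
    printf("%s: mkdir() over a planted symlink gave errno %d\n",
           dir, mkdir_on_existing_name(dir));
    close(anonymous_file());
    return rmdir(dir) != 0;
}
```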
