
Re: What does 'safely' mean in man mktemp?

From: Peng Yu
Subject: Re: What does 'safely' mean in man mktemp?
Date: Fri, 16 Dec 2011 08:08:25 -0600

On Wed, Dec 14, 2011 at 8:37 PM, Bob Proulx <address@hidden> wrote:
> Peng Yu wrote:
>> man mktemp says "Create a temporary file or directory, safely, and
>> print its name."
>> I'm wondering what it means by "safely".
>> Does mktemp test if there is already a tempfile with the given name?
>> If there is indeed with the same file name, will mktemp use a
>> different name rather than overwrite the one with the original name?
> Yes to all.  Using mktemp solves the problem of creating a program
> specific temporary filename in all of the right ways.  Add whatever
> modifier you wish such as safely, robustly, without race condition,
> without predictability, avoiding known attack vectors, other things.
> It would be difficult to sum up all of the "goodness" into a small
> concise sentence.
> The documentation for mktemp explains this in some detail:
>     Older scripts used to create temporary files by simply joining the

Hi Bob,

Obviously, you are referring to the info page. I was referring to the man
page. But anyway, both documents used "safely" without explicit
definition. For the info page, the first paragraph after the synopsis
can be simply improved as the following. By moving the second
paragraph to the first one, it implies that safely means what was
originally in the second paragraph (starting with "Older"). Since the
TEMPLATE is explicitly mentioned in the new second paragraph, people
know what it refers to so it doesn't need to immediately follow "Safely
create a temporary file or directory based on TEMPLATE".

   Safely create a temporary file or directory based on TEMPLATE, and
print its name.  Older scripts used to create temporary files by simply
joining the name of the program with the process id (`$$') as a suffix.
However,
that naming scheme is easily predictable, and suffers from a race
condition where the attacker can create an appropriately named symbolic
link, such that when the script then opens a handle to what it thought
was an unused file, it is instead modifying an existing file.  Using
the same scheme to create a directory is slightly safer, since the
`mkdir' will fail if the target already exists, but it is still
inferior because it allows for denial of service attacks.  Therefore,
modern scripts should use the `mktemp' command to guarantee that the
generated name will be unpredictable, and that knowledge of the
temporary file name implies that the file was created by the current
script and cannot be modified by other users.

   If given, TEMPLATE must include at least three consecutive `X's in
the last component.  If omitted, the template
`tmp.XXXXXXXXXX' is used, and option `--tmpdir' is implied.  The final
run of `X's in the TEMPLATE will be replaced by alpha-numeric
characters; thus, on a case-sensitive file system, and with a TEMPLATE
including a run of N instances of `X', there are `62**N' potential file


For the man page, it should be self-contained. Clearly the man page
doesn't have any explanation for "safely". It should have at least a
sentence explaining what "safely" means or at least refer to the
info page (I'm not referring to the reference at the bottom as that one
is not specific to the word "safely").

But if a reference is going to be added anyway, I'm wondering about the
necessity of making the info and man pages different. I understand the
idea of making the man page shorter and more concise and making the info
page longer and more descriptive. But is it better to keep all the
documents in the same place? After all, many languages (e.g., perl and
python) only have one set of documents. People make choices on what
they should read. So why does the documentation writer make the choice for
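
The race that the quoted info text describes, shown beside the `mktemp` form, as an added example that is not part of the original message or of the coreutils documentation. The function names and the `myscript` prefix are hypothetical, and the link placed at the predictable name is constructed inside a private sandbox directory to stand in for another user's file.

```shell
#!/bin/sh
# Added example; write_predictable, write_mktemp and demo are hypothetical names.

# Pattern from "older scripts": program name joined with the process id.
# The redirection follows a symbolic link and truncates whatever it points to.
write_predictable() {   # $1 = directory for the temporary file
    tmp="$1/myscript.$$"
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# mktemp chooses an unpredictable name and creates the file itself,
# failing instead of reusing a path that already exists.
write_mktemp() {        # $1 = directory for the temporary file
    tmp=$(mktemp "$1/myscript.XXXXXXXXXX") || return 1
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Run both forms in a sandbox where a link already sits at the predictable
# name, then report what happened to the file the link points to.
demo() {
    sandbox=$(mktemp -d) || return 1
    echo "important" > "$sandbox/existing"
    ln -s "$sandbox/existing" "$sandbox/myscript.$$"   # constructed pre-placed link

    write_predictable "$sandbox" > /dev/null
    after_predictable=$(cat "$sandbox/existing")

    echo "important" > "$sandbox/existing"             # restore, then try mktemp
    safe=$(write_mktemp "$sandbox") || return 1
    after_mktemp=$(cat "$sandbox/existing")
    mode=$(ls -l "$safe" | cut -c1-10)                 # permission bits only

    rm -rf "$sandbox"
    printf '%s|%s|%s\n' "$after_predictable" "$after_mktemp" "$mode"
}
```

`demo` prints three fields: the existing file's content after the predictable-name write, its content after the `mktemp` write, and the permissions of the file `mktemp` created.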

