bug-gnu-utils

Re: Bug#278283: insecure temporary file usage in gettextize and autopoin


From: Bruno Haible
Subject: Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)
Date: Tue, 26 Oct 2004 15:40:46 +0200
User-agent: KMail/1.5

Upon the question:
> > Do you have a suggestion how to create temporary files in /tmp in a
> > secure way, even on platforms without 'mktemp' program?

Alexandre Duret-Lutz wrote:
> Here is what AS_TMPDIR([foo]) produces.

Aha! So you mean to say, the only way to securely create a file using usual
shell script constructs like

   filename=`command to compute a temp filename`
   echo "some contents" > $filename

is to make filename sit in a temporary directory under /tmp, not directly
in /tmp?

> # Create a temporary directory, and hook for its removal unless debugging.
> $debug ||
> {
>   trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
>   trap '{ (exit 1); exit 1; }' 1 2 13 15
> }
>
> # Create a (secure) tmp directory for tmp files.
>
> : ${TMPDIR=/tmp}
>
> {
>   tmp=`(umask 077 && mktemp -d -q "$TMPDIR/fooXXXXXX") 2>/dev/null` &&
>   test -n "$tmp" && test -d "$tmp"
> }  ||
> {
>   tmp=$TMPDIR/foo$$-$RANDOM
>   (umask 077 && mkdir $tmp)
> } ||
> {
>    echo "$me: cannot create a temporary directory in $TMPDIR" >&2
>    { (exit 1); exit 1; }
> }

Not bad, but still not perfect: mktemp is not a POSIX standardized
utility, and $RANDOM is bash specific. So what do you propose on POSIX
systems without mktemp and bash? Just fall back on the unsecure foo$$
pattern? Or ship an mktemp.c with the package, to be compiled by
'configure' very early?

It would be nice if we could write up the result of this discussion, when
finished, in the autoconf manual.
http://www.gnu.org/software/autoconf/manual/autoconf-2.57/html_chapter/autoconf_10.html

Bruno
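
The following is an added example, not part of the message above and not Autoconf's code. It sketches the fallback case the message asks about, using only POSIX sh constructs (no `$RANDOM`, and `mktemp` only if present). The function names `mkdir_tmpdir` and `private_tmpdir`, the prefix `foo`, and the retry limit of 100 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names; not Autoconf's AS_TMPDIR output).

# mkdir_tmpdir PREFIX: fallback that relies on mkdir alone.
# The name is guessable ($$ plus a counter), so all safety comes from mkdir:
# without -p it fails if the name already exists in any form (file,
# directory, or symlink, dangling or not), so a pre-existing name is
# skipped instead of followed or reused. After 100 taken names it gives up.
mkdir_tmpdir() {
  _base=${TMPDIR:-/tmp}
  _n=0
  while test "$_n" -lt 100; do
    _d=$_base/${1}$$-$_n
    if (umask 077 && mkdir "$_d") 2>/dev/null; then
      echo "$_d"
      return 0
    fi
    _n=`expr "$_n" + 1`
  done
  echo "cannot create a temporary directory in $_base" >&2
  return 1
}

# private_tmpdir PREFIX: print the path of a new mode-0700 directory,
# using mktemp -d when the platform has it and mkdir_tmpdir otherwise.
private_tmpdir() {
  _d=`(umask 077 && mktemp -d "${TMPDIR:-/tmp}/${1}XXXXXX") 2>/dev/null` &&
    test -n "$_d" && test -d "$_d" && { echo "$_d"; return 0; }
  mkdir_tmpdir "$1"
}

# Usage: files are created inside the private directory, never directly
# in /tmp, so their names no longer need to be unpredictable.
tmp=`private_tmpdir foo` || exit 1
trap 'rm -rf "$tmp"' 0
trap 'exit 1' 1 2 13 15
filename=$tmp/data
echo "some contents" > "$filename"
```
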




