Re: What does 'safely' mean in man mktemp?


From: Bob Proulx
Subject: Re: What does 'safely' mean in man mktemp?
Date: Wed, 14 Dec 2011 19:37:10 -0700
User-agent: Mutt/1.5.21 (2010-09-15)

Peng Yu wrote:
> man mktemp says "Create a temporary file or directory, safely, and
> print its name."
> 
> I'm wondering what it means by "safely".
> 
> Does mktemp test if there is already a tempfile with the given name?
> If there is indeed with the same file name, will mktemp use a
> different name rather than overwrite the one with the original name?

Yes to all.  Using mktemp solves the problem of creating a program
specific temporary filename in all of the right ways.  Add whatever
modifier you wish such as safely, robustly, without race condition,
without predictability, avoiding known attack vectors, other things.
It would be difficult to sum up all of the "goodness" into a small
concise sentence.

The documentation for mktemp explains this in some detail:

     Older scripts used to create temporary files by simply joining the
  name of the program with the process id (`$$') as a suffix.  However,
  that naming scheme is easily predictable, and suffers from a race
  condition where the attacker can create an appropriately named symbolic
  link, such that when the script then opens a handle to what it thought
  was an unused file, it is instead modifying an existing file.  Using
  the same scheme to create a directory is slightly safer, since the
  `mkdir' will fail if the target already exists, but it is still
  inferior because it allows for denial of service attacks.  Therefore,
  modern scripts should use the `mktemp' command to guarantee that the
  generated name will be unpredictable, and that knowledge of the
  temporary file name implies that the file was created by the current
  script and cannot be modified by other users.

     When creating a file, the resulting file has read and write
  permissions for the current user, but no permissions for the group or
  others; these permissions are reduced if the current umask is more
  restrictive.

Please point and ask questions about the above and suggest if there is
a way to improve it.

Bob
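
The following script is an added example; it is not code from this thread or from coreutils. It plays out the two schemes the quoted manual text compares: a predictable "name.$$" temp file that an attacker hijacks with a pre-placed symlink, and a mktemp(1) file that gets an unpredictable name and 0600 permissions regardless of the umask. It assumes GNU coreutils (mktemp, stat -c) and a writable default TMPDIR; the file and directory names are made up for the demonstration.

```shell
#!/bin/sh
# Added example, not code from this thread or from coreutils. It contrasts
# the predictable "name.$$" scheme the manual warns about with mktemp(1).
# Assumes GNU coreutils (mktemp, stat -c) and a writable default TMPDIR.

# Unsafe pattern: the name is the script name plus the PID, so anyone who
# can guess the PID can pre-create it. The '>' redirection follows a symlink
# placed there and writes into whatever the link points at.
unsafe_tmpfile() {
    name="$1/myscript.$$"
    printf 'scratch data\n' > "$name"
    printf '%s\n' "$name"
}

# Safe pattern: mktemp chooses an unpredictable suffix and creates the file
# itself (O_CREAT|O_EXCL, mode 0600), retrying on collision, so nothing can
# be pre-placed at the name and no other user can read or write it.
safe_tmpfile() {
    mktemp "$1/myscript.XXXXXXXXXX"
}

# Plays attacker and victim script in one process. Prints the target file's
# contents after the "script" ran: "original" means the attack failed,
# "scratch data" means the script wrote through the attacker's symlink.
symlink_attack_result() {
    work=$(mktemp -d)                    # private arena for the demo
    printf 'original\n' > "$work/victim"
    ln -s "$work/victim" "$work/myscript.$$"   # attacker guesses the name
    unsafe_tmpfile "$work" > /dev/null
    cat "$work/victim"
    rm -rf "$work"
}

# Permission bits of a file made by the unsafe pattern under umask 022:
# the shell's redirection creates it 0644, readable by everyone.
unsafe_tmpfile_mode() (
    umask 022
    work=$(mktemp -d)
    f=$(unsafe_tmpfile "$work")
    stat -c %a "$f"
    rm -rf "$work"
)

# Permission bits of a mktemp file under the same umask: 600.
safe_tmpfile_mode() (
    umask 022
    work=$(mktemp -d)
    f=$(safe_tmpfile "$work")
    stat -c %a "$f"
    rm -rf "$work"
)

# Same check for mktemp -d: the directory is created with mode 700.
safe_tmpdir_mode() (
    umask 022
    work=$(mktemp -d)
    d=$(mktemp -d "$work/myscript.XXXXXXXXXX")
    stat -c %a "$d"
    rm -rf "$work"
)

printf 'victim after unsafe scheme: %s\n' "$(symlink_attack_result)"
printf 'unsafe file mode: %s\n' "$(unsafe_tmpfile_mode)"
printf 'mktemp file mode: %s\n' "$(safe_tmpfile_mode)"
printf 'mktemp dir mode: %s\n' "$(safe_tmpdir_mode)"
```

Run it as an ordinary user: the first line shows the victim file replaced by the script's scratch data, because the shell's `>` happily follows the attacker's link; the mktemp file and directory come back as 600 and 700 even though the umask would have allowed 644 and 755. In a real script the template should carry enough X's that the name cannot be guessed, and the script should use the name mktemp printed rather than re-deriving it.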