[bug #14386] updatedb relies on mktemp, which is not portable
From: Eric Blake
Subject: [bug #14386] updatedb relies on mktemp, which is not portable
Date: Sat, 3 Sep 2005 08:27:57 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
URL:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=14386>
Summary: updatedb relies on mktemp, which is not portable
Project: findutils
Submitted by: ericb
Submitted on: Sat 09/03/05 at 08:27
Category: updatedb
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name: Eric Blake
Originator Email: address@hidden
Open/Closed: Open
Release: 4.2.25
Fixed Release: None
_______________________________________________________
Details:
updatedb assumes that mktemp is on the user's PATH, which is not always the
case.
http://www.gnu.org/prep/standards/standards.html#Utilities-in-Makefiles does
not include mktemp as a utility that portable programs can assume. CVS
autoconf documents a more portable way to create secure temp files (actually,
a secure temp directory, where you then store temp files inside):
@item @command{mktemp}
@c -------------------
@prindex @command{mktemp}
@cindex Creating temporary files
Shell scripts can use temporary files safely with @command{mktemp}, but
it does not exist on all systems. A portable way to create a safe
temporary file name is to create a temporary directory with mode 700 and
use a file inside this directory. Both methods prevent attackers from
gaining control, though @command{mktemp} is far less likely to fail
gratuitously under attack.
Here is sample code to create a new temporary directory safely:
@example
# Create a temporary directory $tmp in $TMPDIR (default /tmp).
# Use mktemp if possible; otherwise fall back on mkdir,
# with $RANDOM to make collisions less likely.
: $@{TMPDIR=/tmp@}
@{
  tmp=`
    (umask 077 && mktemp -d "$TMPDIR/fooXXXXXX") 2>/dev/null
  ` &&
  test -n "$tmp" && test -d "$tmp"
@} || @{
  tmp=$TMPDIR/foo$$-$RANDOM
  (umask 077 && mkdir "$tmp")
@} || exit $?
@end example
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?func=detailitem&item_id=14386>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
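
The mktemp-or-mkdir fallback from the quoted Autoconf text, packaged as functions a script such as updatedb could call. This is an added example, not part of the bug report or of findutils; the function names and the "updb" prefix are hypothetical. It also shows why the fallback uses plain mkdir: an existing path, including a planted symlink, makes creation fail instead of being reused.

```shell
#!/bin/sh
# Added example; function names and the "updb" prefix are hypothetical.

# mkdir_private DIR: create DIR with mode 700. There is deliberately no -p:
# mkdir must fail if DIR already exists (directory, file or symlink), so a
# path pre-created by another user is never adopted.
mkdir_private() {
  (umask 077 && mkdir "$1") 2>/dev/null
}

# is_private DIR: true only for a real directory (not a symlink), mode 700.
is_private() {
  test -d "$1" && test ! -L "$1" &&
    test "$(ls -ld "$1" | cut -c1-10)" = "drwx------"
}

# safe_tmpdir PREFIX: print the path of a new private directory in $TMPDIR
# (default /tmp). Uses mktemp when it is available, otherwise mkdir with a
# PID-and-$RANDOM name. ${RANDOM-} is empty in shells that lack $RANDOM.
safe_tmpdir() {
  : "${TMPDIR=/tmp}"
  {
    st_dir=$( (umask 077 && mktemp -d "$TMPDIR/${1}XXXXXX") 2>/dev/null ) &&
    test -n "$st_dir" && test -d "$st_dir"
  } || {
    st_dir=$TMPDIR/$1$$-${RANDOM-}
    mkdir_private "$st_dir"
  } || return 1
  printf '%s\n' "$st_dir"
}

# Typical use: every temporary file lives inside the private directory,
# and the whole directory is removed when the script exits.
tmp=$(safe_tmpdir updb) || exit 1
trap 'rm -rf "$tmp"' 0
is_private "$tmp" || exit 1
: > "$tmp/list.new"
echo "working in $tmp"
```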