Bugtraq mailing list archives

Re: /tmp race in mc-4.5.0

From: bet () MORDOR NET (Bennett Todd)
Date: Wed, 14 Oct 1998 16:51:58 -0400


1998-10-13-00:41:04 Pavel Machek:

[...] until someone invents safe & portable way of how to work
with temporary files from shell.

(Actually, is this safe? It might be safe & portable, unfortunately,
it is also slow & ugly)

    TMPDIR=/tmp/mctmpdir.$$
    mkdir $TMPDIR || exit 0
    cd $TMPDIR
    do_something > $TMPDIR/file
    rm $TMPDIR/file
    rmdir $TMPDIR


If I were doing something like this, I'd probably code

        progname=`basename $0`
        die(){ echo "$progname: $*">&2; exit 1; }
        umask 077
        tmp=/tmp/$progname.$$
        trap "rm -rf $tmp" 0
        mkdir $tmp || die "can't mkdir $tmp"

        # use $tmp/whatever, $tmp/whateverelse for tmp files

-Bennett

Current thread:

Last (hopefully) update on GroupWise Simple Nomad (Oct 10)
- <Possible follow-ups>
- Last (hopefully) update on GroupWise Adrian Voinea (Feb 06)
  - /tmp race in mc-4.5.0 Pavel Machek (Oct 12)
    - Re: /tmp race in mc-4.5.0 Bennett Todd (Oct 14)
    - Re: /tmp race in mc-4.5.0 Marc Heuse (Oct 14)
    - [NTSEC] DoS attack in MS - Proxy 2.0 Jason Garms (Oct 15)
    - IRIX xterm(1) exploitable buffer overflow SGI Security Coordinator (Oct 15)
    - IRIX Xaw library exploitable buffer overflow SGI Security Coordinator (Oct 15)
    - Microsoft Security Bulletin (MS98-015) Aleph One (Oct 16)
    - HP-UX 10.20 SharedX Receiver Service DoS Security Research Team (Oct 16)
    - Breaking Finger in AIX 4.2 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa (Oct 20)
    - Re: Breaking Finger in AIX 4.2 Troy A. Bollinger (Oct 20)
    - Alert: IE 4.0 Security Zone compromise Aleph One (Oct 20)
  - Re: Annoying Solaris/CDE/NIS+ bug Frank Cusack (Oct 13)