Bugtraq mailing list archives
Re: mktemp() and friends
From: avalon () coombs anu edu au (Darren Reed)
Date: Tue, 24 Dec 1996 07:51:31 +1100
In some mail from Theo de Raadt, sie said:
In some mail from Theo de Raadt, sie said: [...]Has anyone done a major cleanup of /tmp holes (ie. mktemp and friends)?Personally, I think they should all return either "FILE *" or an open file descriptor so even if /tmp isn't +t, you already have opened the file you actually asked for. But that's just IMHO.Uhm, +t doesn't actually help much for the race at file creation time. You are still symbolic link raceable since mktemp filenames are guessable. The filenames are guessable since the 6 X's are written over by not much more than just the pid -- mktemp() wants to generate low-collision-rate filenames.
open("/tmp/filename", O_CREAT|O_EXCL) is what I'd like to see used and what I think that interface should use (this provides an open file descriptor or -1 if the file is already there, no symbolic link races, etc). I don't know if it does or doesn't, but it should. mktemp/mkstemp/tmpnam/tempnam should not be used and tmpfile should be implemented as above. Then there are temporary files used in shell scripts - quite often root cornjobs get implemented to write to some file in /tmp (I prefer to use /, ~root or /etc). Darren
Current thread:
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Uriel Maimon (Dec 23)
- <Possible follow-ups>
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Darren Reed (Dec 23)
- Re: mktemp() and friends Steve \ (Dec 24)
- Re: mktemp() and friends Casper Dik (Dec 24)
- Re: mktemp() and friends Theo de Raadt (Dec 23)
- Re: mktemp() and friends Benedikt Stockebrand (Dec 23)
- Re: mktemp() and friends Theo de Raadt (Dec 24)
- Re: mktemp() and friends D. J. Bernstein (Dec 24)
- Re: mktemp() and friends SGI Security Coordinator (Dec 24)
- Re: mktemp() and friends Darren Reed (Dec 23)