Bugtraq mailing list archives
Re: request-route
From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Fri, 1 Aug 1997 14:05:14 -0600
Therefore, the safest way to create a lock from a shell is to create a directory (not forgetting umask 077 before that), create the temporary lock file in the new directory, link that temporary lock to the real lock and remove the temporary file and directory. That way you get all the benefits of ln and your shell script will be safe.
Yes, we use this method in many places in OpenBSD. Like in mkdep(1). In other shell scripts, we use our mktemp(1) program. I'm including a man page so that you can see how to use it...

Anyways, these are important problems to solve. But don't just think of your shell scripts -- check the regular C programs too. We fixed roughly 400-500 /tmp races in the OpenBSD tree. It's one kind of security issue when a symlink is used to whack root, but it's also a security issue when one user can cause another user's .login file to get squished. So most of them have been fixed. A few small ones lurk. (Some are very hard to fix).

----

NAME
     mktemp - make temporary file name (unique)

SYNOPSIS
     mktemp [-d] [-q] [-u] template

DESCRIPTION
     The mktemp utility takes the given file name template and overwrites a
     portion of it to create a file name.  This file name is unique and
     suitable for use by the application.  The template may be any file name
     with some number of `Xs' appended to it, for example /tmp/temp.XXXX.
     The trailing `Xs' are replaced with the current process number and/or a
     unique letter combination.  The number of unique file names mktemp can
     return depends on the number of `Xs' provided; six `Xs' will result in
     mktemp testing roughly 26 ** 6 combinations.

     If mktemp can successfully generate a unique file name, the file is
     created with mode 0600 (unless the -u flag is given) and the filename
     is printed to standard output.

OPTIONS
     The available options are as follows:

     -d      Make a directory instead of a file.

     -q      Fail silently if an error occurs.  This is useful if a script
             does not want error output to go to standard error.

     -u      Operate in ``unsafe'' mode.  The temp file will be unlinked
             before mktemp exits.  This is slightly better than mktemp(3)
             but still introduces a race condition.  Use of this option is
             not encouraged.

RETURN VALUES
     The mktemp utility exits with a value of 0 on success, and 1 on failure.

EXAMPLES
     The following sh(1) fragment illustrates a simple use of mktemp where
     the script should quit if it cannot get a safe temporary file.

           TMPFILE=`mktemp /tmp/$0.XXXXXX` || exit 1
           echo "program output" >> $TMPFILE

     In this case, we want the script to catch the error itself.

           TMPFILE=`mktemp -q /tmp/$0.XXXXXX`
           if [ $? -ne 0 ]; then
                   echo "$0: Can't create temp file, exiting..."
                   exit 1
           fi

     Note that one can also check to see that $TMPFILE is zero length instead
     of checking $?.  This would allow the check to be done later on in the
     script (since $? would get clobbered by the next shell command).

SEE ALSO
     mkstemp(3), mktemp(3)

HISTORY
     The mktemp utility appeared in OpenBSD.

OpenBSD 2.1                    November, 20, 1996
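The lock procedure quoted at the top of this message, combined with mktemp -d from the man page, as an added example that is not part of the original post or of OpenBSD's scripts. The function names acquire_lock and release_lock are hypothetical, and the private directory is created next to the lock so that ln stays on one filesystem.

```shell
#!/bin/sh
# Added illustration: acquire_lock and release_lock are hypothetical helper
# names, not taken from the post or from any OpenBSD script.

# acquire_lock LOCKFILE
# Exit status 0 if this shell now holds LOCKFILE, 1 if someone else does
# or if the private directory could not be created.
# The body runs in a subshell, so the umask change does not leak out.
acquire_lock() (
    lock=$1
    umask 077
    # mktemp -d either creates a brand-new directory or fails; it never
    # reuses an existing name. Mode 0700 keeps other users out of it.
    dir=$(mktemp -d "$lock.XXXXXX") || exit 1
    tmp=$dir/pid
    rc=1
    # $tmp lives in a directory only we can write to, so nobody can plant
    # a symlink at that path before the redirection opens it.
    # ln then does the atomic test-and-set: link(2) fails if $lock already
    # exists, including when it is a dangling symlink.
    # Caveat: ln treats an existing directory (or a symlink to one) as a
    # target directory, so LOCKFILE must never name a directory.
    if echo "$$" > "$tmp" && ln "$tmp" "$lock" 2>/dev/null; then
        rc=0
    fi
    # Remove the temporary file and directory whether or not we won.
    rm -f "$tmp"
    rmdir "$dir"
    exit "$rc"
)

# release_lock LOCKFILE
# Removes LOCKFILE only if it records this shell's PID.
release_lock() {
    if [ "$(cat "$1" 2>/dev/null)" = "$$" ]; then
        rm -f "$1"
    else
        return 1
    fi
}
```
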