Secure Coding mailing list archives

temporary directories


From: ljknews at mac.com (ljknews)
Date: Fri, 29 Dec 2006 15:28:13 -0500

At 1:41 PM -0500 12/29/06, Robert C. Seacord wrote:
> I've seen advice here and there to use the mkdtemp() function to create
> temporary directories, for example:
>
> - Kris Kennaway email at http://lwn.net/2000/1221/a/sec-tmp.php3
> recommends them
>
> - David Wheeler's Secure Programming for Linux and Unix HOWTO at
> http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html
> mentions it may not be a good idea if tmp cleaners are in use (but this
> sort of suggests maybe it is ok if they are not.)
>
> - HP 03 Tru64 UNIX Protecting Your System Against File Name Spoofing
> Attacks. January 2003.
> http://h30097.www3.hp.com/docs/wpapers/spoof_wp/symlink_external.pdf
>
> - etc.
>
> The mkdtemp() function generates a uniquely-named temporary directory
> from template.  This function appears to work exactly like mktemp()
> works for files, except of course mktemp() has been widely discredited
> because of possible TOCTOU conditions and problems generating unique,
> unpredictable names.
>
> So my question is, why is mkdtemp() considered safe?  Isn't it also
> susceptible to race conditions?  Is there a reason why these race
> conditions are not at issue in this case?  Or is it only considered safe
> because there is no alternative?

Not on Unix, but I tend to use temporary names based on the Process ID
that is executing.  And of course file protection prevents malevolent
access.

But for a temporary file, I will specify a file that is not in any
directory.  I presume there is such a capability in Unix.
-- 
Larry Kilgallen
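
The Unix behaviour the thread is asking about, as an added C example (not code from either poster): mkdtemp() creates the directory itself rather than only returning a name, and a file opened with O_EXCL and then unlinked is the usual Unix form of "a file that is not in any directory". The function names, the `scratch.XXXXXX` template and the `data` file name are hypothetical choices made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* mkdtemp() does not just hand back a name as mktemp() does: it calls mkdir()
 * with mode 0700, which fails if anything (even a symlink) has that name. */
int make_private_dir(char *path, size_t len) {
    const char *base = getenv("TMPDIR");
    if (!base || !*base) base = "/tmp";
    int n = snprintf(path, len, "%s/scratch.XXXXXX", base); /* hypothetical template */
    if (n < 0 || (size_t)n >= len) return -1;
    return mkdtemp(path) ? 0 : -1;
}

/* Check the result: a real directory (not a symlink), ours, mode 0700. */
int dir_is_private(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid() && (st.st_mode & 0777) == 0700;
}

/* Creation is exclusive: a second mkdir() on the same name must fail. */
int mkdir_collides(const char *path) {
    return mkdir(path, 0700) == -1 && errno == EEXIST;
}

/* Create a file exclusively inside the private directory, then remove its
 * only name. The descriptor stays usable; storage is freed on close(). */
int open_unnamed_file(const char *dir) {
    char name[4096];
    int n = snprintf(name, sizeof name, "%s/data", dir);
    if (n < 0 || (size_t)n >= sizeof name) return -1;
    int fd = open(name, O_RDWR | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0 && unlink(name) != 0) { close(fd); return -1; }
    return fd;
}

int main(void) {
    char dir[4096];
    if (make_private_dir(dir, sizeof dir) != 0) { perror("mkdtemp"); return 1; }
    int fd = open_unnamed_file(dir);
    printf("%s private=%d collides=%d fd=%d\n",
           dir, dir_is_private(dir), mkdir_collides(dir), fd);
    if (fd >= 0) close(fd);
    return rmdir(dir) == 0 ? 0 : 1;
}
```

The rmdir() at the end succeeds while the descriptor is still open, which shows the file no longer has a name in the directory.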

