[3849] in bugtraq
Re: mktemp() and friends
daemon@ATHENA.MIT.EDU (Darren Reed)
Mon Dec 23 16:56:22 1996
Date: Tue, 24 Dec 1996 07:51:31 +1100
Reply-To: Darren Reed <avalon@coombs.anu.edu.au>
From: Darren Reed <avalon@coombs.anu.edu.au>
X-To: deraadt@cvs.openbsd.org
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199612231614.JAA04828@cvs.openbsd.org> from "Theo de Raadt" at Dec 23, 96 09:14:42 am
In some mail from Theo de Raadt, sie said:
>
> >In some mail from Theo de Raadt, sie said:
> >[...]
> >> Has anyone done a major cleanup of /tmp holes (ie. mktemp and friends)?
> >
> >Personally, I think they should all return either "FILE *" or an open
> >file descriptor so even if /tmp isn't +t, you already have opened the
> >file you actually asked for. But that's just IMHO.
>
> Uhm, +t doesn't actually help much for the race at file creation time.
> You are still symbolic link raceable since mktemp filenames are
> guessable. The filenames are guessable since the 6 X's are written
> over by not much more than just the pid -- mktemp() wants to generate
> low-collision-rate filenames.

open("/tmp/filename", O_CREAT|O_EXCL) is what I'd like to see used and what I
think that interface should use (this provides an open file descriptor
or -1 if the file is already there, no symbolic link races, etc). I don't
know if it does or doesn't, but it should.

mktemp/mkstemp/tmpnam/tempnam should not be used and tmpfile should be
implemented as above.

Then there are temporary files used in shell scripts - quite often root
cron jobs get implemented to write to some file in /tmp (I prefer to use
/, ~root or /etc).

Darren
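
The exclusive-create behaviour discussed in the message above, as an added example that is not part of the original post or of any libc: with O_CREAT|O_EXCL a name that already exists, including a dangling symbolic link, is refused with EEXIST instead of being followed, so a predictable name costs a retry rather than a write through the link. The helper names, the name pattern and the scratch directory are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: create `path` only if no file or symlink has that name.
 * Returns an open descriptor, or -1 with errno set (EEXIST if the name is taken). */
int create_exclusive(const char *path)
{
    return open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
}

/* Hypothetical helper: try successive pid-based names in `dir` until one is
 * created exclusively; the winning name is copied to `out`. */
int open_temp_in(const char *dir, char *out, size_t outlen)
{
    for (unsigned attempt = 0; attempt < 100; attempt++) {
        snprintf(out, outlen, "%s/tmp.%ld.%u", dir, (long)getpid(), attempt);
        int fd = create_exclusive(out);
        if (fd >= 0 || errno != EEXIST)
            return fd;              /* success, or an error a retry cannot fix */
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: a dangling symlink already occupies the first name.
 * Returns 1 if it was refused, the next name was used, and the link target
 * was never created; -1 if the scratch directory could not be set up. */
int symlink_is_refused(void)
{
    char dir[] = "/tmp/excl-demo.XXXXXX", planted[128], got[128], target[128];
    struct stat st;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(planted, sizeof planted, "%s/tmp.%ld.0", dir, (long)getpid());
    snprintf(target, sizeof target, "%s/target", dir);
    if (symlink(target, planted) != 0) { rmdir(dir); return -1; }
    int refused = (create_exclusive(planted) == -1 && errno == EEXIST);
    int fd = open_temp_in(dir, got, sizeof got);   /* skips the taken name */
    int untouched = (stat(target, &st) == -1);     /* link was not followed */
    if (fd >= 0) { close(fd); unlink(got); }
    unlink(planted);
    rmdir(dir);
    return refused && fd >= 0 && untouched;
}

int main(void) { return symlink_is_refused() == 1 ? 0 : 1; }
```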