>From [EMAIL PROTECTED] Sun Jun 17 13:43:05 2001

>So spoke [EMAIL PROTECTED] on Sun, Jun 17, 2001 at 01:26:11PM +0200:
>> >The mktemp binary is nothing more than a wrapper to the C function mktemp,
>> >which conforms to BSD 4.3, at least according to mktemp(3).
>>
>> But mktemp does not do anything different from the method I proposed.

>From man mktemp:

>| mktemp is provided to allow shell scripts to safely use temporary files.
>| Traditionally, many shell scripts take the name of the program with the PID
>| as a suffix and use that as a temporary file name.  This kind of naming
>| scheme is predictable and the race condition it creates is easy for an
>| attacker to win.  A safer, though still inferior approach is to make a
>| temporary directory using the same naming scheme.  While this does allow one
>| to guarantee that a temporary file will not be subverted, it still allows a
>| simple denial of service attack.  For these reasons it is suggested that
>| mktemp be used instead.


If you are going to write a security-related application, this note may be useful.

Unfortunately your thoughts are based on a wrong assumption:

There is only one reason to hide the name of a tempfile from other people:

        You are going to write a security-relevant application where people
        could gain something from attacking the /tmp files. You see, it only
        applies to suid or sgid applications.

        You cannot write 100% secure suid scripts, so why have the feature
        for shell scripts that does not make sense in shell scripts?

Jörg

 EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin
       [EMAIL PROTECTED]               (uni)  If you don't have iso-8859-1
       [EMAIL PROTECTED]           (work) chars I am J"org Schilling
 URL:  http://www.fokus.gmd.de/usr/schilling   ftp://ftp.fokus.gmd.de/pub/unix
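The two naming schemes the quoted man page contrasts, as an added shell example that is not part of this thread or of mktemp's own sources. Everything runs inside a private directory handed to each function, and the directory, the guessed PID value 12345, the file names and the file contents are constructed for the demonstration:

```shell
# Added example: predictable "$prog.$pid" temp names versus mktemp(1).
# All paths live under the directory passed as $1, so nothing real is touched.

# Classic predictable naming: program name plus PID. $2 stands in for $$ so
# that a second process can "guess" it, which is exactly the attacker's job.
unsafe_tmpname() {
    printf '%s/myprog.%s\n' "$1" "$2"
}

# A naive script writes to the predictable name with plain '>' redirection,
# which follows whatever symlink someone else left at that path.
unsafe_write() {
    echo "$3" > "$(unsafe_tmpname "$1" "$2")"
}

# mktemp(1) chooses the random part itself and creates the file with
# O_CREAT|O_EXCL and mode 0600, so a pre-planted link at a guessed name is
# never followed and other users cannot read the contents. Prints the path.
safe_write() {
    f=$(mktemp "$1/myprog.XXXXXX") || return 1
    echo "$2" > "$f"
    printf '%s\n' "$f"
}

# Why the predictable name loses the race: an attacker who guesses the PID
# plants a symlink at that name pointing at a victim file before the script
# runs; the script then overwrites the victim. Prints the victim's content.
demo_predictable_race() {
    dir=$1
    victim="$dir/victim"
    echo "original" > "$victim"
    ln -s "$victim" "$(unsafe_tmpname "$dir" 12345)"     # attacker moves first
    unsafe_write "$dir" 12345 "attacker-chosen content"  # script moves second
    cat "$victim"
}

# What a practitioner should check about the mktemp-created file:
# a regular file (not a link), mode 0600, and a different name per call.
demo_mktemp_properties() {
    dir=$1
    a=$(safe_write "$dir" "payload") || return 1
    b=$(safe_write "$dir" "payload") || return 1
    [ "$a" != "$b" ] || return 1
    [ ! -L "$a" ] && [ -f "$a" ] || return 1
    mode=$(ls -ld "$a" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || return 1
    echo ok
}

# Stand-alone run: both demonstrations in a scratch directory removed on exit
# (the same trap pattern a real script should use for its own temp file).
scratch=$(mktemp -d) || exit 1
trap 'rm -rf "$scratch"' EXIT
echo "victim after race:  $(demo_predictable_race "$scratch")"
echo "mktemp properties:  $(demo_mktemp_properties "$scratch")"
```

Run it with `sh` on any system whose mktemp accepts a template argument (GNU coreutils and the BSDs do). The race demonstration is a same-user simulation in a private directory: it shows the mechanism the man page calls "easy for an attacker to win", not a cross-user attack on a real /tmp.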

