On 05/06/2014 08:53 AM, Peter Maydell wrote:
>> # Create a (secure) tmp directory for tmp files.
>>
>> {
>> tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
>> test -d "$tmp"
>> } ||
>> {
>> tmp=./conf$$-$RANDOM
>> (umask 077 && mkdir "$tmp")
>> } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
>> ac_tmp=$tmp
>
> Yuck.
>
>> The use of $$ and $RANDOM is safe (even on shells that lack $RANDOM)
>> because of the fact that mkdir is atomic and the umask is correctly set
>> prior to the mkdir.
>
> I dislike the use of $RANDOM, because it means we behave
> inconsistently. If it's OK for $RANDOM to expand to "" then we
> should just not use it at all, because that's OK and the same
> everywhere.
It's okay for $RANDOM to expand to "" in the fallback code, for the platforms that lack mktemp(1); most developers are on a platform that has mktemp. The use of $RANDOM makes it harder for an attacker to pre-create a competing file by the same name, but does not add any security; so omitting $RANDOM for the fallback path doesn't hurt if you are that bothered by seeing it present in a dash script.

> Similarly, if it's OK not to use mktemp on some systems,
> we should use the same non-mktemp code everywhere.

The fallback is not ideal, but tolerable. It's still better to try and use mktemp where it exists.

> We could sidestep this rubbish by not trying to put our temp
> files in /tmp/, and instead just put them in the build directory
> (ie ./conf-temps/ or something similar, which we blow away
> and recreate every time).

Yes, using a different location for temporary files and avoiding /tmp might also work.

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
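The mktemp-then-atomic-mkdir pattern from the quoted configure snippet, as an added example that is not part of the thread and not autoconf's code: a POSIX sh function implementing both branches, plus a check that the resulting directory is private (mode 0700), which is the property the umask before mkdir guarantees. The function names, the optional base-directory argument and the ls-based mode check are my own assumptions.

```shell
# Create a private temp directory under $1 (default "."): try mktemp(1) first,
# then fall back to an atomic mkdir under a restrictive umask, as the quoted
# configure snippet does. Prints the directory path on stdout.
make_secure_tmpdir() {
    base=${1:-.}
    dir=

    # Preferred path: mktemp -d picks an unpredictable name and creates it
    # with mode 0700 under a 077 umask; failure (e.g. no mktemp) is silenced.
    dir=$( (umask 077 && mktemp -d "$base/confXXXXXX") 2>/dev/null) &&
        test -d "$dir" && { printf '%s\n' "$dir"; return 0; }

    # Fallback for platforms without mktemp: $$ and $RANDOM (empty in dash)
    # only reduce accidental name collisions. The safety comes from mkdir
    # being atomic (it fails if the name already exists, so a pre-created
    # entry is never silently reused) and from the umask set before mkdir.
    dir=$base/conf$$-$RANDOM
    if (umask 077 && mkdir "$dir"); then
        printf '%s\n' "$dir"
        return 0
    fi
    echo "cannot create a temporary directory in $base" >&2
    return 1
}

# Return 0 if the directory grants nothing to group/other (drwx------),
# the property both branches above rely on. Uses ls -ld so the check works
# on GNU and BSD userlands alike (extra ACL/SELinux markers are ignored).
tmpdir_is_private() {
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwx------" ]
}
```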