[bug #14386] updatedb relies on mktemp, which is not portable

bug-findutils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug #14386] updatedb relies on mktemp, which is not portable

From:	Eric Blake
Subject:	[bug #14386] updatedb relies on mktemp, which is not portable
Date:	Sat, 3 Sep 2005 08:27:57 -0600
User-agent:	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6

URL:
  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=14386>

                 Summary: updatedb relies on mktemp, which is not portable
                 Project: findutils
            Submitted by: ericb
            Submitted on: Sat 09/03/05 at 08:27
                Category: updatedb
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: Eric Blake
        Originator Email: address@hidden
             Open/Closed: Open
                 Release: 4.2.25
           Fixed Release: None

    _______________________________________________________

Details:

updatedb assumes that mktemp is on the user's PATH, which is not always the
case. 
http://www.gnu.org/prep/standards/standards.html#Utilities-in-Makefiles does
not include mktemp as a utility that portable programs can assume.  CVS
autoconf documents a more portable way to create secure temp files (actually,
a secure temp directory, where you then store temp files inside):

@item @command{mktemp}
@c -------------------
@prindex @command{mktemp}
@cindex Creating temporary files
Shell scripts can use temporary files safely with @command{mktemp}, but
it does not exist on all systems.  A portable way to create a safe
temporary file name is to create a temporary directory with mode 700 and
use a file inside this directory.  Both methods prevent attackers from
gaining control, though @command{mktemp} is far less likely to fail
gratuitously under attack.

Here is sample code to create a new temporary directory safely:

@example
# Create a temporary directory $tmp in $TMPDIR (default /tmp).
# Use mktemp if possible; otherwise fall back on mkdir,
# with $RANDOM to make collisions less likely.
: address@hidden/address@hidden
@{
  tmp=`
    (umask 077 && mktemp -d "$TMPDIR/fooXXXXXX") 2>/dev/null
  ` &&
  test -n "$tmp" && test -d "$tmp"
@} || @{
  tmp=$TMPDIR/foo$$-$RANDOM
  (umask 077 && mkdir "$tmp")
@} || exit $?
@end example








    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?func=detailitem&item_id=14386>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[bug #14386] updatedb relies on mktemp, which is not portable, Eric Blake <=
- [bug #14386] updatedb relies on mktemp, which is not portable, James Youngman, 2005/09/17
  - [bug #14386] updatedb relies on mktemp, which is not portable, Eric Blake, 2005/09/17

Prev by Date: [bug #14070] Spurious cycle detection with configure --with-fts and find -L
Next by Date: [bug #14390] Test suite failure in quit.exp
Previous by thread: [bug #14070] Spurious cycle detection with configure --with-fts and find -L
Next by thread: [bug #14386] updatedb relies on mktemp, which is not portable
Index(es):
- Date
- Thread