[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: "here strings" and tmpfiles
From: |
Chet Ramey |
Subject: |
Re: "here strings" and tmpfiles |
Date: |
Thu, 11 Apr 2019 15:41:29 -0400 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 |
On 4/11/19 12:12 AM, Jason A. Donenfeld wrote:
> I keep forgetting things. The other thing I wanted to bring up is that
> I suspect bash's actual implementation of temporary files is
> problematic and might have some of the classic /tmp and TOCTOU style
> attacks.
It's a peripheral issue, since the here-document implementation uses a
different function that (usually) calls mkstemp.
But since this function is used for making non-regular files (named pipes),
you pretty much have to use a function that returns a name. If you'd like
to take a run at a better implementation, I'd be glad to take a look at it,
as long as it's portable.
> The first one there uses mktemp(3), which is known to be racy and
> insecure. The GNU man page has a pretty strong warning about it. Maybe
> that's not used in GNU environments though?
Read
http://lists.gnu.org/archive/html/bug-bash/2016-05/msg00062.html
for a different perspective.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/
- Re: "here strings" and tmpfiles, (continued)
- Re: "here strings" and tmpfiles, Andreas Kusalananda Kähäri, 2019/04/11
- Re: "here strings" and tmpfiles, konsolebox, 2019/04/11
- Re: "here strings" and tmpfiles, Daniel Kahn Gillmor, 2019/04/11
- Re: "here strings" and tmpfiles, Chet Ramey, 2019/04/11
- Re: "here strings" and tmpfiles, Jason A. Donenfeld, 2019/04/11
- Re: "here strings" and tmpfiles, Jason A. Donenfeld, 2019/04/11
- Re: "here strings" and tmpfiles, Jason A. Donenfeld, 2019/04/11
- Re: "here strings" and tmpfiles,
Chet Ramey <=
- Re: "here strings" and tmpfiles, Greg Wooledge, 2019/04/11
- Re: "here strings" and tmpfiles, Chet Ramey, 2019/04/11
- Re: "here strings" and tmpfiles, Robert Elz, 2019/04/11
- Re: "here strings" and tmpfiles, Chet Ramey, 2019/04/11
- Re: "here strings" and tmpfiles, konsolebox, 2019/04/10
Re: "here strings" and tmpfiles, konsolebox, 2019/04/09
Re: "here strings" and tmpfiles, konsolebox, 2019/04/09