bug-standards

Re: world readable temp files and bash? set -C, noclobber (gnustandards


From: Ralf Wildenhues
Subject: Re: world readable temp files and bash? set -C, noclobber (gnustandards suggestion and/or question)
Date: Fri, 28 Jan 2011 08:20:45 +0100
User-agent: Mutt/1.5.20 (2010-08-04)

* Karl Berry wrote on Fri, Jan 28, 2011 at 01:48:49AM CET:
>     rw> You could mention that mktemp is available everywhere.
> 
> I don't think it is.  Solaris.

Argh.  I meant "is _not_ available everywhere".  Sorry about that.

>     rw> 'info Autoconf --index mktemp' also has a recommendation for a
>     portable alternative.
> 
> Yep, so you know (as I expected :) that it's not available everywhere or
> you wouldn't need a "portable alternative" :).
> 
> BTW, $RANDOM (used in that sample code) surely isn't portable either,
> and without $RANDOM it's still more or less feasible for attackers, as
> the coreutils page (and Michael's url) go into.

Well, but since the code uses mkdir not file creation or redirection,
there should at most be a denial of service problem.  Or so I hope at
least.  Unless, of course, the calling code doesn't check the status.

Cheers,
Ralf
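
The point made above about `mkdir` and checking its status, as an added example (not code from this message or from the Autoconf manual). `make_tmpdir` and `new_tmpdir` are hypothetical helper names, and a POSIX `sh` is assumed.

```shell
#!/bin/sh
# Added example. make_tmpdir and new_tmpdir are hypothetical helper names.

# make_tmpdir BASE NAME: create BASE/NAME with mode 0700 and print its path.
# mkdir fails if NAME already exists as a file, directory or symlink (even a
# dangling one), so a pre-planted name is never reused or followed.
make_tmpdir() {
  mt_path=$1/$2
  (umask 077 && mkdir "$mt_path") 2>/dev/null || return 1
  printf '%s\n' "$mt_path"
}

# new_tmpdir BASE PREFIX: try a few names. PID plus counter is guessable, so
# a local user can squat every candidate; the result is then a non-zero
# status (denial of service), which the caller must check.
new_tmpdir() {
  nt_i=0
  while [ "$nt_i" -lt 5 ]; do
    make_tmpdir "$1" "$2.$$.$nt_i" && return 0
    nt_i=$((nt_i + 1))
  done
  return 1
}

# Caller side: stop on failure instead of writing into a path that was
# never created by this process.
work=$(new_tmpdir "${TMPDIR:-/tmp}" example) || {
  echo "could not create a private temporary directory" >&2
  exit 1
}
trap 'rm -rf "$work"' EXIT
echo "private work dir: $work"
```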


