Circa 2001-Mar-29 16:40:49 +0100 dixit Philip Hazel:
: On Thu, 29 Mar 2001, Tamas TEVESZ wrote:
:
: > > appendfile.o(.text+0x2cba): the use of `tmpnam' is dangerous,
: > > better use `mkstemp'
: >
: > actually this is true. is it possible to change tmpnams to mkstemp
: > (where available?)
:
: I try to use Standard C where possible. The function tmpnam() is in the
: standard, whereas mkstemp() is not. Can you guarantee that mkstemp() is
: available in every version of Unix that Exim supports? The RedHat Linux
: man page states
:
: CONFORMING TO
: BSD 4.3
:
: which suggests it won't be in every Unix. Also, I see that the Solaris 8
: man page states:
:
: The tmpfile(3C) function is preferred over this function.
:
: This does not inspire me with confidence. However, tmpfile() *is* in the
: Standard. I'm not sure why I didn't make use of it (probably just forgot
: about its existence). I've noted the issue for investigation.
It's unfortunate that it's so difficult to portably create temporary
files. Yes, mkstemp() (if properly implemented) provides a good
solution, but it's not guaranteed to be available everywhere.
Two good ways to portably and securely create temporary files are:
(1) Use a subdirectory of /tmp/ (or /var/tmp/ or wherever):
(a) Create a directory with mode 0700. If the directory already
exists and is either not owned by us or is writeable by
someone other than the owner, fail (or repeat with a
different directory name).
(b) Create a unique file within the directory from [a] (probably
with mode 0600).
(2) If the temporary file is known to be on a local filesystem, Use
open() with O_CREAT and O_EXCL. This is weaker than [1].
They're not as good as mkstemp() (chiefly because it's more difficult
to produce unpredictable but unique names for the directory or file to
create), but they're somewhat less susceptible to race conditions and
associated attacks.
Another possible solution for this is to snarf the mkstemp()
implementation from OpenBSD and incorporate it into the exim source
base, always using it instead of an implementation (or alternate
function) provide by the OS.
--
jim knoble | jmknoble@??? |
http://www.jmknoble.cx/