Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Alexandre Duret-Lutz
Bruno Haible <[EMAIL PROTECTED]> writes: [...] | $RANDOM is bash specific and expands to empty in shells | other than bash. [...] $RANDOM is also supported by ksh and zsh. (No idea who copied who.) -- Alexandre Duret-Lutz

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Paul Eggert
Alexandre Duret-Lutz <[EMAIL PROTECTED]> writes: > Also reading Posix it's not clear to me whether this [set -C] > is really expected to fail when $filename is a symlink. More to the point, "set -C" doesn't work in practice to avoid clobbering $filename if $filename is a special file, or a symlin

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Alexandre Duret-Lutz
On Tue, Oct 26, 2004 at 03:40:46PM +0200, Bruno Haible wrote: > > Aha! So you mean to say, the only way to securely create a file using usual > shell script constructs like > >filename=`command to compute a temp filename` >echo "some contents" > $filename > > is to make filename sit in a te

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Paul Jarc
Bruno Haible <[EMAIL PROTECTED]> wrote: > Not bad, but still not perfect: mktemp is not a POSIX standardized > utility, and $RANDOM is bash specific. What sort of threat are you trying to defend against? Even if mktemp is not available, and even if $RANDOM is empty, mkdir will still either create

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Bruno Haible
Thomas Dickey wrote: > On some systems (none recent), I recall that you could still rename the > directory (and put a link to your favorite location). These must be systems on which the sticky bit on a directory (the 't' bit) doesn't work. I don't attempt to write secure code for such platforms.

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Bruno Haible
Alexandre Duret-Lutz wrote: > Why do you call this unsecure? Either the directory already exists > and your script aborts, or the directory is created with safe permissions. You're right, sorry. I was confused by the presence of $RANDOM. Now I see that the purpose of $RANDOM is only to decrease

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Thomas Dickey
On Tue, 26 Oct 2004, Bruno Haible wrote: > Thomas Dickey wrote: > > > is to make filename sit in a temporary directory under /tmp, not directly > > > in /tmp ? > > > > For the truly paranoid, even that is not sufficient. > > Why? The creation of the temp directory cannot erase a file, and once the

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Bruno Haible
Thomas Dickey wrote: > > is to make filename sit in a temporary directory under /tmp, not directly > > in /tmp ? > > For the truly paranoid, even that is not sufficient. Why? The creation of the temp directory cannot erase a file, and once the directory is created with mode 077, an attacker cannot

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Thomas Dickey
On Tue, 26 Oct 2004, Thomas Dickey wrote: (sorry about the previous - missed keystroke) > > Not bad, but still not perfect: mktemp is not a POSIX standardized > > utility, and $RANDOM is bash specific. So what do you propose on POSIX > > systems without mktemp and bash? Just fall back on the unse

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Thomas Dickey
On Tue, 26 Oct 2004, Bruno Haible wrote: > is to make filename sit in a temporary directory under /tmp, not directly > in /tmp ? For the truly paranoid, even that is not sufficient. > > Not bad, but still not perfect: mktemp is not a POSIX standardized > utility, and $RANDOM is bash specific. So

Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

2004-10-26 Thread Bruno Haible
Upon the question: > > Do you have a suggestion how to create temporary files in /tmp in a > > secure way, even on platforms without 'mktemp' program? Alexandre Duret-Lutz wrote: > Here is what AS_TMPDIR([foo]) produces. Aha! So you mean to say, the only way to securely create a file using usual