RE: tmp issues: trap before making safe tmp and no change directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



You noted:
> Even if the $tmpdir exists, it may not be the one created by the script.

This is true, but I guess that is one of the 'risks' one takes when trying to do atomic locking with shell scripting... :) :(
 
Would it be possible to write a small compiled program that could do the "atomically create unique file/directory and return it's name" program?  This is getting waaayyyy out of scope for 'fixing' the script in your example but it is one of the few ways I see to get around it.  Or see if the shell you are running under has an atomic check and create subroutine...probably not. :(
 
On the flip side, since "$tmpdir" is made up of the PID of the script, then there is a much smaller chance of using a pre-existing directory.  If you append the current system time (i.e. epoc micro-seconds) this should help quite a lot.  Of course, these tricks don't help if your script is running on an embedded machine or before the time has been properly set to the world time...
 
Good luck!
 
Dan

	-----Original Message----- 
	From: Jeremy C. Reed [mailto:reed@xxxxxxxxxxxxx] 
	Sent: Tue 10/28/2003 2:58 PM 
	To: security-discuss@xxxxxxxxxxxxxxxxx 
	Cc: 
	Subject: RE: tmp issues: trap before making safe tmp and no change directory
	
	

	On Tue, 28 Oct 2003, Daniel Linder wrote:
	
	>   Rather than using another value for the "needsCleanup" variable, why
	> not use the test of the existance of "$tmpdir" as the value for your
	> "needsCleanup" value?  I.e. replace "$needsCleanup" with a subroutine
	> that returns "true" if the "$tmpdir" exists?  Is there a bad race
	> condition here?
	
	(Just to note, this is not my code.)
	
	Even if the $tmpdir exists, it may not be the one created by the script.
	
	I guess it could check to see if it is not a symlink. (But I think the
	trap should just be done after it is safely created.)
	
	And the "rm -f $tmpdir/*" cleanup potentially can happen before the script
	safely attempts to create its own tmpdir.
	
	   Jeremy C. Reed
	   http://bsd.reedmedia.net/
	
	------------------------------------------------------------------------
	     To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
	         with "unsubscribe" in the subject of the message.
	
	

ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿN‹§²æìr¸›yé[rêâ·/ÝÇ.²Ïëz«ž²ßåŠ{±±ç.®+rýÊ&Â+aþéì®&Þþ)í…ë.n7œ¶‡í…éÆ


[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux