Re: Bug#278283: insecure temporary file usage in gettextize and autopoint (fwd)

Upon the question:
> > Do you have a suggestion how to create temporary files in /tmp in a
> > secure way, even on platforms without 'mktemp' program?

Alexandre Duret-Lutz wrote:
> Here is what AS_TMPDIR([foo]) produces.

Aha! So you mean to say, the only way to securely create a file using usual
shell script constructs like

   filename=`command to compute a temp filename`
   echo "some contents" > $filename

is to make filename sit in a temporary directory under /tmp, not directly
in /tmp ?

> # Create a temporary directory, and hook for its removal unless debugging.
> $debug ||
> {
>   trap 'exit_status=$?; rm -rf $tmp && exit $exit_status' 0
>   trap '{ (exit 1); exit 1; }' 1 2 13 15
> }
>
> # Create a (secure) tmp directory for tmp files.
>
> : ${TMPDIR=/tmp}
>
> {
>   tmp=`(umask 077 && mktemp -d -q "$TMPDIR/fooXXXXXX") 2>/dev/null` &&
>   test -n "$tmp" && test -d "$tmp"
> }  ||
> {
>   tmp=$TMPDIR/foo$$-$RANDOM
>   (umask 077 && mkdir $tmp)
> } ||
> {
>    echo "$me: cannot create a temporary directory in $TMPDIR" >&2
>    { (exit 1); exit 1; }
> }

Not bad, but still not perfect: mktemp is not a POSIX standardized
utility, and $RANDOM is bash specific. So what do you propose on POSIX
systems without mktemp and bash? Just fall back on the insecure foo$$
pattern? Or ship an mktemp.c with the package, to be compiled by
'configure' very early?

It would be nice if we could write up the result of this discussion, when
finished, in the autoconf manual.
http://www.gnu.org/software/autoconf/manual/autoconf-2.57/html_chapter/autoconf_10.html

Bruno



_______________________________________________
Autoconf mailing list
Autoconf@xxxxxxx
http://lists.gnu.org/mailman/listinfo/autoconf
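
An added example, not part of the original message or of Autoconf: a POSIX sh sketch of the fallback discussed above, using neither mktemp nor $RANDOM. It relies on mkdir failing when the name already exists (also when it is a symlink), so a predictable name can at worst cause a retry; the function names and the retry limit of 100 are assumptions made for this example.

```shell
# Added example. tmpdir_mkdir_fallback and make_private_tmpdir are
# hypothetical helper names, not Autoconf macros.

# Fallback for systems without mktemp: try predictable names built from the
# shell's PID and a counter. mkdir either creates a new directory owned by
# us with mode 0700 (umask 077) or fails, so its exit status must be checked.
tmpdir_mkdir_fallback() {
  tf_prefix=$1
  tf_base=${TMPDIR:-/tmp}
  tf_n=0
  while [ "$tf_n" -lt 100 ]; do
    tf_dir=$tf_base/$tf_prefix$$-$tf_n
    if (umask 077 && mkdir "$tf_dir") 2>/dev/null; then
      printf '%s\n' "$tf_dir"
      return 0
    fi
    # Name already taken (file, directory or symlink): never reuse it.
    tf_n=$((tf_n + 1))
  done
  return 1
}

# Prefer mktemp -d where it exists, as in the quoted AS_TMPDIR output,
# and fall back to the mkdir loop otherwise.
make_private_tmpdir() {
  mp_prefix=$1
  mp_base=${TMPDIR:-/tmp}
  if mp_dir=$( (umask 077 && mktemp -d "$mp_base/${mp_prefix}XXXXXX") 2>/dev/null ) &&
     [ -n "$mp_dir" ] && [ -d "$mp_dir" ]; then
    printf '%s\n' "$mp_dir"
    return 0
  fi
  tmpdir_mkdir_fallback "$mp_prefix"
}

# Usage in a script (temporary files then live inside "$tmp"):
#   tmp=$(make_private_tmpdir foo) || { echo "cannot create tmp dir" >&2; exit 1; }
#   trap 'rm -rf "$tmp"' 0
#   echo "some contents" > "$tmp/file"
```
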
