secure temporary file creation/usage

Post by Trever Adam » Sun, 23 May 1999 04:00:00



I have been reading much about exploits involving temporary files.  I am
working on a C program where I need to make a temporary directory,
populate it with files, call a sub program (not sub routine) and have it
do its thing; on return I will erase those files.

Are there any functions (C libraries) I should/should not be using and
any specific precautions I should take?

I do want this to be as portable as possible, that is the only caveat.

Trever
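
The sequence the post describes (private directory, files created inside it, sub program run without a shell, cleanup afterwards), as an added example that is not part of the original thread. It assumes a POSIX.1-2008 system for mkdtemp(); the function names and the 1024-byte path limit are made up for illustration.

```c
#define _XOPEN_SOURCE 700   /* assumption: POSIX.1-2008, needed for mkdtemp() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* tmpl: writable buffer ending in "XXXXXX"; mkdtemp() creates it mode 0700. */
int make_private_dir(char *tmpl)
{
    umask(077);                  /* process-wide: later files are owner-only */
    return mkdtemp(tmpl) ? 0 : -1;
}

/* O_EXCL: fail if the name already exists, even as a (dangling) symlink. */
int create_private_file(const char *dir, const char *name, const char *data)
{
    char path[1024];
    size_t len = strlen(data);
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path)
        return -1;               /* path would have been truncated */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len;
    return (close(fd) == 0 && ok) ? 0 : -1;
}

/* Run prog with dir as its only argument, no shell; 127 means exec failed. */
int run_helper(const char *prog, const char *dir)
{
    int st;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execl(prog, prog, dir, (char *)NULL);
        _exit(127);              /* reached only when execl() fails */
    }
    if (waitpid(pid, &st, 0) < 0) return -1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : -1;
}

/* Erase the one file we created, then the now-empty directory. */
int cleanup(const char *dir, const char *name)
{
    char path[1024];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return (unlink(path) == 0 && rmdir(dir) == 0) ? 0 : -1;
}
```

Call the four functions in order with a template such as "/tmp/myprog.XXXXXX"; predictable names from tmpnam() or mktemp() are what this replaces.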

 
 
 

1. To use temporary files or not to use temporary files?

This is a repost with Subject line changed:

It is very sad to see that Brian Kernighan and Rob Pike use temporary
files in the example. I think the temporary can be easily and better
avoided in this case. The modified version is provided at the end. If you
believe the modified version is not better, I would like to hear it.
I make a lot of effort not to use temporary files in my shell scripts,
I do not know if I am alone in this.

And I do not see the value of saving the original file in the
script:

cp $file $old    # save original file

In "The UNIX Programming Environment", Brian Kernighan and Rob Pike provide

#!/bin/ksh
# overwrite:  copy standard input to output after EOF
# modified version

opath=$PATH
PATH=/bin:/usr/bin

case $# in
0|1)    echo 'Usage: overwrite file cmd [args]' 1>&2; exit 2
esac

file=$1; shift


then
        trap '' 1 2 15   # we are committed; ignore signals
        print -r -- "$new" >  $file
else
        echo "overwrite: $1 failed, $file unchanged" 1>&2
        exit 1
fi
