Open orlitzky opened 8 months ago
In my experience it pays off to create a single temporary directory as "root" dir for all subsequent temporaries as soon as there are more than say one or two temporary files. Cleanup will be simpler as only one directory must be blown away on (whatever kind of) exit and maintenance will be simpler, too.
So, I'd like to suggest
IMAGEN_TMPROOT=$(posix_mktemp)
COM="$IMAGEN_TMPROOT/com"
TMPPNG="$IMAGEN_TMPROOT/png"
or something along that lines. Here follow up mkdir(1) calls are necessary, though.
Oh yeah, I almost forgot: speed! Only one invocation of m4(1). LOL.
In my experience it pays off to create a single temporary directory as "root" dir for all subsequent temporaries as soon as there are more than say one or two temporary files.
Maybe, but I don't know how to do that :P
Hi, I (quite accidentally) noticed that the
imagen
program is using predictable paths under/tmp
:In particular,
$COM
is used to run code:There are some well-known exploits that can take advantage of the code above. Basically, someone else on the machine can create those files before you do. Then he owns those files and can write malicious commands into them.
The use of the current PID in the filename helps a little bit, but ultimately PIDs are guessable, and all of them are known beforehand -- they're just sequential integers, after all. So in the end it's still pretty easy for someone to take over the temporary files that you want to use.
Fortunately there is a standard C function called
mkstemp()
that can create those files securely. Unfortunately, it's not easily available in POSIX shell script. The following trick can be used however:Since m4 is POSIX, and since it has an interface to the C
mkstemp()
function, we let m4 create the temporary directory instead. This avoids the security issues by using a name that is truly unguessable.