|
|
|
|
|
|
by ckuehl
3067 days ago
|
|
|
This is a somewhat dangerous pattern for picking temporary files (from #8): $ NEWFILE=/tmp/newfile_${RANDOM}
$ touch $NEWFILE
The problem is that any user on the box can create files under /tmp. An attacker can set up a bunch of symlinks like /tmp/newfile_1, ..., /tmp/newfile_99999 pointing to a file owned by your user. When your script then writes into this temporary file, you'll write through the symlink and clobber one of your own files. Especially dangerous if root :)This has been a historic source of software vulnerabilities (often with the PID used instead as the guessable component instead of random, though). One recommended alternative is to use the `mktemp` command instead. |
|
|