Brad, I thought you might find this helpful: ---------------------- Temporary (tmp) files Most programs need to create temporary files, and this can be done perfectly safely if a little care and attention is taken. The first thing a program should do is honor the "TMP_DIR" environment variable. This allows users to create a ~/tmp_dir directory (or similar) which can be much more protected than the world accessible /tmp directory. Also if you must create temp files give them truly random names. Using the process PID or time of day, or other variables which should not "collide" will not prevent malicious users from creating many tempfiles in the hopes your program will open one and overwrite it. Also make sure that the file doesn't exist before creating it, but this can be circumvented if the filename used is predictable. If you are worried about the temp files a program may be creating you can use L0pht watch to monitor directories (such as /tmp) and have the output go to syslog (so you can run this as an administrator to monitor things). http://securityportal.com/direct.cgi?/closet/closet20000301.html ---------------------- Jeff -- +----------------------------------+ | J.W. Bizzaro | | | | http://bioinformatics.org/~jeff/ | | | | BIOINFORMATICS.ORG | | The Open Lab | | | | http://bioinformatics.org/ | +----------------------------------+