[Pipet Devel] temp files

J.W. Bizzaro bizzaro at geoserve.net
Wed Mar 1 14:46:18 EST 2000


Brad,

I thought you might find this helpful:

----------------------
Temporary (tmp) files

Most programs need to create temporary files, and this can be done perfectly
safely if a little care and attention is taken. The first thing a program
should do is honor the "TMP_DIR" environment variable. This allows users to
create a ~/tmp_dir directory (or similar) which can be much more protected than
the world-accessible /tmp directory. Also, if you must create temp files, give
them truly random names. Using the process PID or time of day, or other
variables which should not "collide" will not prevent malicious users from
creating many tempfiles in the hopes your program will open one and overwrite
it. Also make sure that the file doesn't exist before creating it, but this can
be circumvented if the filename used is predictable. If you are worried about
the temp files a program may be creating you can use L0pht watch to monitor
directories (such as /tmp) and have the output go to syslog (so you can run
this as an administrator to monitor things).

http://securityportal.com/direct.cgi?/closet/closet20000301.html
----------------------

Jeff
-- 
                      +----------------------------------+
                      |           J.W. Bizzaro           |
                      |                                  |
                      | http://bioinformatics.org/~jeff/ |
                      |                                  |
                      |        BIOINFORMATICS.ORG        |
                      |           The Open Lab           |
                      |                                  |
                      |    http://bioinformatics.org/    |
                      +----------------------------------+
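
Added example, not part of the original message or of Pipet's code: the three points from the excerpt above (honor the directory variable, use unpredictable names, create only if nothing exists) in Python. TMP_DIR is the name the excerpt gives; the helper names, the "app-" prefix and the planted-symlink scenario are assumptions constructed for illustration.

```python
import os
import secrets
import tempfile

def temp_dir(env=None):
    """TMP_DIR as named in the excerpt, else Python's default (TMPDIR, TEMP, TMP)."""
    env = os.environ if env is None else env
    return env.get("TMP_DIR") or tempfile.gettempdir()

def create_exclusive(path):
    """Create path only if nothing is there; O_EXCL also rejects a symlink."""
    flags = os.O_RDWR | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    return os.open(path, flags, 0o600)  # owner-only permissions

def safe_temp_file(directory, prefix="app-", attempts=10):
    """Random 128-bit name plus exclusive create; retry on a collision."""
    for _ in range(attempts):
        path = os.path.join(directory, prefix + secrets.token_hex(16))
        try:
            return create_exclusive(path), path
        except FileExistsError:
            continue
    raise FileExistsError("no unused temp name found in " + directory)

def demo():
    """Constructed scenario: a PID-based name already planted as a symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as shared:
        victim = os.path.join(shared, "victim.txt")
        with open(victim, "w") as f:
            f.write("important")
        predictable = os.path.join(shared, "app-%d" % os.getpid())
        os.symlink(victim, predictable)  # stands in for the planted file
        try:
            os.close(create_exclusive(predictable))
            results["planted_refused"] = False
        except FileExistsError:
            results["planted_refused"] = True  # victim.txt was not opened
        fd, path = safe_temp_file(shared)
        os.write(fd, b"scratch")
        os.close(fd)
        results["mode"] = os.stat(path).st_mode & 0o777
        with open(victim) as f:
            results["victim"] = f.read()
    return results

if __name__ == "__main__":
    print(temp_dir(), demo())
```

Python's own tempfile.mkstemp(dir=temp_dir()) performs the same exclusive, owner-only creation with a random name, so production code can call it directly.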



