Post 302358193 by mojoman on Thursday 1st of October 2009 03:19:15 PM
Security issue and temp files

Hello,

One of the senior network admins at work told me that I should not hard code temp files into my scripts. Rather I should use the mktemp commands in the script to create them on the fly.

His argument was that if a malicious user knew the name of my temp files in the script they could create a symbolic link based on that name to a more important file to overwrite it. So if my temp file was called temp1 the hacker could create a symbolic link to say /etc/passwd.

On my system I created a symbolic link called temp1 pointing to /etc/passwd and then I used touch to create a file called temp1 to see what would happen. But when I tried to create the file with touch, most likely because the symbolic link called temp1 was already there.

Hence my question: Is what the sysadmin said true in light of my experiment? And if not, why should I use mktemp instead of hard coding temp files in my scripts?
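
The scenario described in the post, as an added example that is not part of the original post: it compares touch, a plain redirect, a noclobber redirect and mktemp when the fixed name temp1 already exists as a symbolic link. The sandbox directory, victim.conf and run_case are constructed names; nothing outside the sandbox is touched.

```shell
#!/bin/sh
# Added example. Everything runs inside a private sandbox directory;
# victim.conf is a constructed stand-in for an important file.

# run_case MODE -> prints what victim.conf holds after the "script" has
# produced its scratch data. MODE: touch | fixed | noclobber | mktemp.
run_case() (
    sandbox=$(mktemp -d) || exit 1
    echo "important data" > "$sandbox/victim.conf"
    # Someone else pre-creates the predictable name as a symbolic link.
    ln -s "$sandbox/victim.conf" "$sandbox/temp1"
    case $1 in
        touch)      # follows the link, but only updates timestamps
            touch "$sandbox/temp1" ;;
        fixed)      # plain ">" follows the link and truncates the target
            echo "scratch output" > "$sandbox/temp1" ;;
        noclobber)  # set -C makes ">" refuse a path that already exists
            set -C
            { echo "scratch output" > "$sandbox/temp1"; } 2>/dev/null ||
                echo "refused: temp1 already exists" >&2 ;;
        mktemp)     # fresh unpredictable name, created exclusively, mode 0600
            tmpfile=$(mktemp "$sandbox/temp1.XXXXXX") || exit 1
            echo "scratch output" > "$tmpfile" ;;
    esac
    result=$(cat "$sandbox/victim.conf")
    rm -rf "$sandbox"
    printf '%s\n' "$result"
)

for mode in touch fixed noclobber mktemp; do
    printf '%-10s victim.conf now holds: %s\n' "$mode" "$(run_case "$mode")"
done
```

Only the plain redirect replaces the linked file's content; touch leaves it intact, which is why a touch-based test does not show the overwrite.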
 

LN(1)                     BSD General Commands Manual                    LN(1)

NAME
     ln, link -- link files

SYNOPSIS
     ln [-L | -P | -s [-F]] [-f | -iw] [-hnv] source_file [target_file]
     ln [-L | -P | -s [-F]] [-f | -iw] [-hnv] source_file ... target_dir
     link source_file target_file

DESCRIPTION
     The ln utility creates a new directory entry (linked file) for the file
     name specified by target_file. The target_file will be created with the
     same file modes as the source_file. It is useful for maintaining multiple
     copies of a file in many places at once without using up storage for the
     ``copies''; instead, a link ``points'' to the original copy. There are
     two types of links; hard links and symbolic links. How a link ``points''
     to a file is one of the differences between a hard and symbolic link.

     The options are as follows:

     -F    If the target file already exists and is a directory, then remove
           it so that the link may occur. The -F option should be used with
           either -f or -i options. If none is specified, -f is implied. The
           -F option is a no-op unless -s option is specified.

     -L    When creating a hard link to a symbolic link, create a hard link to
           the target of the symbolic link. This is the default. This option
           cancels the -P option.

     -P    When creating a hard link to a symbolic link, create a hard link to
           the symbolic link itself. This option cancels the -L option.

     -f    If the target file already exists, then unlink it so that the link
           may occur. (The -f option overrides any previous -i and -w
           options.)

     -h    If the target_file or target_dir is a symbolic link, do not follow
           it. This is most useful with the -f option, to replace a symlink
           which may point to a directory.

     -i    Cause ln to write a prompt to standard error if the target file
           exists. If the response from the standard input begins with the
           character 'y' or 'Y', then unlink the target file so that the link
           may occur. Otherwise, do not attempt the link. (The -i option
           overrides any previous -f options.)

     -n    Same as -h, for compatibility with other ln implementations.

     -s    Create a symbolic link.

     -v    Cause ln to be verbose, showing files as they are processed.

     -w    Warn if the source of a symbolic link does not currently exist.

     By default, ln makes hard links. A hard link to a file is
     indistinguishable from the original directory entry; any changes to a
     file are effectively independent of the name used to reference the file.
     Directories may not be hardlinked, and hard links may not span file
     systems.

     A symbolic link contains the name of the file to which it is linked. The
     referenced file is used when an open(2) operation is performed on the
     link. A stat(2) on a symbolic link will return the linked-to file; an
     lstat(2) must be done to obtain information about the link. The
     readlink(2) call may be used to read the contents of a symbolic link.
     Symbolic links may span file systems and may refer to directories.

     Given one or two arguments, ln creates a link to an existing file
     source_file. If target_file is given, the link has that name;
     target_file may also be a directory in which to place the link;
     otherwise it is placed in the current directory. If only the directory
     is specified, the link will be made to the last component of
     source_file.

     Given more than two arguments, ln makes links in target_dir to all the
     named source files. The links made will have the same name as the files
     being linked to.

     When the utility is called as link, exactly two arguments must be
     supplied, neither of which may specify a directory. No options may be
     supplied in this simple mode of operation, which performs a link(2)
     operation using the two passed arguments.

EXAMPLES
     Create a symbolic link named /home/src and point it to /usr/src:

           # ln -s /usr/src /home/src

     Hard link /usr/local/bin/fooprog to file /usr/local/bin/fooprog-1.0:

           # ln /usr/local/bin/fooprog-1.0 /usr/local/bin/fooprog

     As an exercise, try the following commands:

           # ls -i /bin/[
           11553 /bin/[
           # ls -i /bin/test
           11553 /bin/test

     Note that both files have the same inode; that is, /bin/[ is essentially
     an alias for the test(1) command. This hard link exists so test(1) may
     be invoked from shell scripts, for example, using the if [ ] construct.

     In the next example, the second call to ln removes the original foo and
     creates a replacement pointing to baz:

           # mkdir bar baz
           # ln -s bar foo
           # ln -shf baz foo

     Without the -h option, this would instead leave foo pointing to bar and
     inside foo create a new symlink baz pointing to itself. This results
     from directory-walking.

     An easy rule to remember is that the argument order for ln is the same
     as for cp(1): The first argument needs to exist, the second one is
     created.

COMPATIBILITY
     The -h, -i, -n, -v and -w options are non-standard and their use in
     scripts is not recommended. They are provided solely for compatibility
     with other ln implementations.

     The -F option is a FreeBSD extension and should not be used in portable
     scripts.

SEE ALSO
     link(2), lstat(2), readlink(2), stat(2), symlink(2), symlink(7)

STANDARDS
     The ln utility conforms to IEEE Std 1003.2-1992 (``POSIX.2'').

     The simplified link command conforms to Version 2 of the Single UNIX
     Specification (``SUSv2'').

HISTORY
     An ln command appeared in Version 1 AT&T UNIX.

BSD                            November 2, 2012                            BSD