UNIX for Dummies Questions & Answers: Post 302358193 by mojoman on Thursday 1st of October 2009 03:19:15 PM
Security issue and temp files

Hello,

One of the senior network admins at work told me that I should not hard code temp files into my scripts. Rather I should use the mktemp commands in the script to create them on the fly.

His argument was that if a malicious user knew the name of my temp files in the script, they could create a symbolic link based on that name to a more important file to overwrite it. So if my temp file was called temp1, the hacker could create a symbolic link to, say, /etc/passwd.

On my system I created a symbolic link called temp1 pointing to /etc/passwd and then I used touch to create a file called temp1 to see what would happen. But when I tried to create the file with touch, most likely because the symbolic link called temp1 was already there.

Hence my question: Is what the sysadmin said true in light of my experiment? And if not, why should I use mktemp instead of hard coding temp files in my scripts?
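
The scenario the admin describes, reproduced inside a private scratch directory as an added example (not part of the original post). The file `important` is a constructed stand-in for a file the script's user may write, and the function names are made up for illustration; the `touch` case is included because `touch` only updates timestamps on an existing target, so it cannot show the overwrite.

```shell
#!/bin/sh
# Added example. Everything happens in a private scratch directory;
# "important" is a constructed stand-in for a file the user can write.

# Unsafe: fixed name. The redirection opens the path with O_CREAT|O_TRUNC
# and follows a symlink that is already sitting at that name.
write_fixed() {                 # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/temp1"
}

# Safer: mktemp chooses an unpredictable name and creates it exclusively,
# so an existing file or symlink is never reused.
write_mktemp() {                # $1 = directory, $2 = data
    tmp=$(mktemp "$1/temp.XXXXXXXXXX") || return 1
    printf '%s\n' "$2" > "$tmp"
}

# Plant the link first, run one variant, print what "important" now holds.
demo() {                        # $1 = fixed | mktemp | touch
    dir=$(mktemp -d) || return 1
    printf 'original\n' > "$dir/important"
    ln -s "$dir/important" "$dir/temp1"
    case $1 in
        fixed)  write_fixed  "$dir" "scratch data" ;;
        mktemp) write_mktemp "$dir" "scratch data" ;;
        touch)  touch "$dir/temp1" ;;   # timestamps only, no data written
        *)      rm -rf "$dir"; return 2 ;;
    esac
    cat "$dir/important"
    rm -rf "$dir"
}

for mode in fixed mktemp touch; do
    printf '%-7s -> %s\n' "$mode" "$(demo "$mode")"
done
```

On Linux, the `fs.protected_symlinks` sysctl, when enabled, makes the kernel refuse to follow a link in a sticky world-writable directory such as /tmp if the link belongs to a different user than the process following it. The scratch directory here is private, so the link is followed and the fixed-name variant replaces the contents of `important`.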
 

GZEXE(1)                  BSD General Commands Manual                 GZEXE(1)

NAME
     gzexe -- create auto-decompressing executables

SYNOPSIS
     gzexe [-d] file ...

DESCRIPTION
     The gzexe utility uses gzip(1) to compress executables, producing
     executables that decompress on-the-fly when executed. This saves disk
     space, at the cost of slower execution times. The original executables
     are saved by copying each of them to a file with the same name with a
     '~' suffix appended. After verifying that the compressed executables
     work as expected, the backup files can be removed.

     The options are as follows:

     -d      Decompress executables previously compressed by gzexe.

     The gzexe program refuses to compress non-regular or non-executable
     files, files with a setuid or setgid bit set, files that are already
     compressed using gzexe or programs it needs to perform on-the-fly
     decompression: sh(1), mktemp(1), rm(1), echo(1), tail(1), gzip(1), and
     chmod(1).

SEE ALSO
     gzip(1)

CAVEATS
     The gzexe utility replaces files by overwriting them with the generated
     compressed executable. To be able to do this, it is required that the
     original files are writable.

BSD                              July 30, 2003                             BSD