Safely Creating Temporary Files in Shell Scripts (2005) - mapleoin
http://www.linuxsecurity.com/content/view/115462/151/

======
e28eta
Section 3.5 doesn't seem very safe to me, because I think it allows the user
running the script to dictate where the directory will be created via an
environment variable.

I don't know what specifically would be gained with that control. Maybe an
attacker could specify a TMPDIR that resolves to a path on a FUSE mount and
start doing nefarious things with the data in the tmp file?

~~~
JoshTriplett
Controlling the location of the temporary directory does not cause a security
problem as long as the attacker cannot predict the name of the directory.

Also, regarding FUSE: that's one of many reasons that FUSE mounts by default
don't allow other users (including root) to access them.

~~~
e28eta
Can I also override $RANDOM to be a static value? PID seems very
guessable/brute-forcible.

~~~
JoshTriplett
$RANDOM isn't actually in POSIX, and /bin/sh might not implement it at all:

    /tmp$ cat test.sh
    #!/bin/sh
    echo $RANDOM $RANDOM $RANDOM
    /tmp$ ./test.sh

    /tmp$

In a shell that implements it, though, such as bash, you can't override it via
the environment. However, it's quite difficult to write privileged shell code
if you don't trust the environment, notably $PATH. Too many shell features
depend on variables, and shells don't automatically sanitize those.
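
The portable pattern the thread circles around (mktemp instead of $RANDOM or the PID, with TMPDIR still honoured), as an added example that is not from the linked article or from any commenter above; the function names and the `example.` prefix are made up for illustration:

```sh
#!/bin/sh
# Added example, not code from the linked article or from any commenter.
# Creates a private scratch directory the portable way: no $RANDOM (not
# POSIX, absent in many /bin/sh), no $$ (predictable), and a name that does
# not exist anywhere before mktemp creates the directory.

# Prints the path of a freshly created mode-0700 directory, or fails.
# TMPDIR is honoured, as in the article's approach, because an unpredictable
# name inside a caller-chosen parent is fine; a predictable name is not.
make_private_tmpdir() {
    _base="${TMPDIR:-/tmp}"
    # mktemp -d creates the directory atomically (O_EXCL semantics) with
    # mode 0700, so a pre-planted file or symlink at that path makes it
    # fail instead of being silently reused.
    _dir=$(mktemp -d "${_base}/example.XXXXXXXXXX") || return 1
    # Belt and braces: it must be a real directory, not a symlink.
    [ -d "$_dir" ] && [ ! -L "$_dir" ] || { rm -rf "$_dir"; return 1; }
    printf '%s\n' "$_dir"
}

# The weak variant, for contrast only (never used below): the name depends
# solely on the PID, which is visible to every local user.
unsafe_tmpname() {
    printf '%s\n' "${TMPDIR:-/tmp}/example.$$"
}

# Reports the permission string of a path, e.g. drwx------ for a good tmpdir.
mode_string() {
    ls -ld "$1" | cut -c1-10
}

# Demonstration: create, use, and always remove the directory.
demo() {
    d=$(make_private_tmpdir) || { echo "could not create tmpdir" >&2; return 1; }
    trap 'rm -rf "$d"' EXIT INT TERM   # clean up even if interrupted
    printf 'scratch data\n' > "$d/work.txt"
    mode_string "$d"
    rm -rf "$d"
    trap - EXIT INT TERM
}

demo
```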

------
mindslight
These kinds of articles should not be considered guides, but bug reports
instead.