Although I can create a temp file with either mktemp or touch, how specifically does mktemp benefit reliability and/or security in scripting over just manually touching a file?
mktemp randomizes the name. It is very important from the security point of view.
Just imagine that you do something like:
in your root-running script.
And someone (who has read your script) does
before.
This results in /etc/passwd being overwritten, and potentially it can mean different unpleasant things, starting from the system becoming broken and ending with the system becoming hacked (when the input something could be carefully crafted).
The mktemp command could help you in this situation:
Now this ln /etc/passwd attack will not work.
A brief insight into the history of mktemp: The mktemp command was invented by the OpenBSD folks, and first appeared in OpenBSD 2.1 back in 1997. Their goal was to improve the security of shell scripts. Previously the norm had been to add $$ to temporary file names, which was absolutely insecure. Now all UNIX/Linux systems have either mktemp or its alternatives, and it became the de facto standard. Funny enough, the mktemp C function was deprecated for being insecure.
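The difference described in the answer above, as an added example that is not part of the original post: a fixed temp name is written through a pre-planted link, while a name created by mktemp is not. Everything runs inside a private sandbox directory; the file `victim` stands in for /etc/passwd, a symbolic link is used for the planted link, and all function and file names are constructed for this demo.

```shell
#!/bin/sh
# Added example. "victim" is a constructed stand-in for a sensitive file.

# Build a sandbox in which a link already sits at the predictable temp name.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    printf 'original\n' > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/temporary-file"
    printf '%s\n' "$sandbox"
}

# Fixed name: the shell redirection follows the planted link.
write_predictable() {
    echo something > "$1/temporary-file"
}

# mktemp replaces the X's with random characters and creates the file
# exclusively (owner-only permissions); it fails instead of reusing a path.
write_with_mktemp() {
    tmp=$(mktemp "$1/temporary-file.XXXXXXXX") || return 1
    echo something > "$tmp"
    printf '%s\n' "$tmp"
}

# Report the victim's content after each kind of write, and what mktemp made.
demo() {
    dir=$(make_sandbox) || return 1
    safe=$(write_with_mktemp "$dir") || return 1
    after_safe=$(cat "$dir/victim")
    write_predictable "$dir"
    after_unsafe=$(cat "$dir/victim")
    if [ -L "$safe" ]; then kind=symlink; else kind=regular; fi
    rm -rf "$dir"
    printf '%s %s %s\n' "$after_safe" "$after_unsafe" "$kind"
}

demo   # prints: original something regular
```

In a real script, pair the mktemp call with `trap 'rm -f "$tmp"' EXIT` so the file is removed on every exit path.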