Re: [Qemu-trivial] [Qemu-devel] [PATCH] configure: Put tempfiles in subd

From: Eric Blake
Subject: Re: [Qemu-trivial] [Qemu-devel] [PATCH] configure: Put tempfiles in subdir so we can clean up libtool files
Date: Tue, 06 May 2014 09:43:57 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

On 05/06/2014 08:53 AM, Peter Maydell wrote:

>> # Create a (secure) tmp directory for tmp files.
>> {
>>   tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
>>   test -d "$tmp"
>> }  ||
>> {
>>   tmp=./conf$$-$RANDOM
>>   (umask 077 && mkdir "$tmp")
>> } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
>> ac_tmp=$tmp
> Yuck.
>> The use of $$ and $RANDOM is safe (even on shells that lack $RANDOM)
>> because of the fact that mkdir is atomic and the umask is correctly set
>> prior to the mkdir.
> I dislike the use of $RANDOM, because it means we behave
> inconsistently. If it's OK for $RANDOM to expand to "" then we
> should just not use it at all, because that's OK and the same
> everywhere.

It's okay for $RANDOM to expand to "" in the fallback code, for the
platforms that lack mktemp(1); most developers are on a platform that
has mktemp.  The use of $RANDOM makes it harder for an attacker to
pre-create a competing file by the same name, but does not add any
security; so omitting $RANDOM for the fallback path doesn't hurt if you
are that bothered by seeing it present in a dash script.

> Similarly, if it's OK not to use mktemp on some systems,
> we should use the same non-mktemp code everywhere.

The fallback is not ideal, but tolerable.  It's still better to try and
use mktemp where it exists.

> We could sidestep this rubbish by not trying to put our temp
> files in /tmp/, and instead just put them in the build directory
> (ie ./conf-temps/ or something similar, which we blow away
> and recreate every time).

Yes, using a different location for temporary files and avoiding /tmp
might also work.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
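
The behaviour the message relies on (mkdir is atomic and the umask is set first, so a predictable fallback name is never adopted if something already exists under it), as an added example that is not part of the original thread or of QEMU's configure. The function names and the scratch layout under `${TMPDIR:-/tmp}` are assumptions made for the illustration.

```shell
# Added illustration; make_private_tmpdir, fallback_tmpdir and
# demo_precreated_name are hypothetical names, not taken from configure.

# Fallback for systems without mktemp(1): the name is predictable, but
# mkdir (without -p) fails if anything already exists under that name,
# including a symlink, so a pre-created entry is refused, not reused.
fallback_tmpdir() {
    dir=$1
    (umask 077 && mkdir "$dir") 2>/dev/null || return 1
    printf '%s\n' "$dir"
}

# Preferred path: mktemp -d picks an unpredictable name and creates the
# directory in one step; fall back to conf$$ only if that fails.
make_private_tmpdir() {
    parent=$1
    dir=$( (umask 077 && mktemp -d "$parent/confXXXXXX") 2>/dev/null ) &&
        test -d "$dir" && { printf '%s\n' "$dir"; return 0; }
    fallback_tmpdir "$parent/conf$$"
}

# Constructed scenario: the predictable name already exists as a symlink
# to another directory before the fallback runs. Prints "refused" when
# the fallback declines to use it, "adopted" otherwise.
demo_precreated_name() {
    scratch=$(make_private_tmpdir "${TMPDIR:-/tmp}") || return 1
    mkdir "$scratch/elsewhere"
    ln -s "$scratch/elsewhere" "$scratch/conf-guessed"
    if fallback_tmpdir "$scratch/conf-guessed" >/dev/null; then
        result=adopted
    else
        result=refused
    fi
    rm -rf "$scratch"
    printf '%s\n' "$result"
}

demo_precreated_name
```

The caller has to treat a non-zero status from the fallback as fatal, as the quoted Autoconf snippet does with `as_fn_error`, rather than continuing with the unverified path.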
