TMPDIR (was Re: Nasty Security Hole?)
Stephen J. Friedl
friedl at vsi.COM
Wed Nov 30 05:42:57 AEST 1988
In article <755 at quintus.UUCP>, ok at quintus.uucp (Richard A. O'Keefe) writes:
>
> See TEMPNAM(BA_LIB) in the SVID.
> char *tempnam(char *dir, char *prefix)
> If TMPDIR is defined in the user's environment and can be used, use that.
> If dir is non-NULL and names a usable directory, use that.
> If P_tmpdir (in <stdio.h>, usually /usr/tmp/) is usable, use that.
> Use /tmp only as a last resort.
> (Yes, that's right, $TMPDIR over-rides the dir argument.)
An important note about tempnam(3): some (all?) implementations
use access(2) to determine if the user has permission to use the
temporary directory so mentioned. This can cause problems in
a setuid/setgid environment where the effective uid/gid has
permission to the dir but the real, underlying uid/gid does not.
Another reason why you should require a license to use access(2).
Steve
--
Steve Friedl V-Systems, Inc. +1 714 545 6442 3B2-kind-of-guy
friedl at vsi.com {backbones}!vsi.com!friedl attmail!vsi!friedl
--------Nancy Reagan on access(2): "Just say NO F**KING WAY"-------
:wq!
More information about the Comp.unix.wizards
mailing list