more secure alternative to [tempfile]

Brought to you by: andreas_kupries, dev_null42a, ericm, hobbs, and 6 others

#215 more secure alternative to [tempfile]

Status: open

Owner: nobody

Labels: fileutil (15)

Priority: 5

Updated: 2006-01-18

Created: 2006-01-18

Creator: Don Porter

Private: No

The [tempfile] command creates
a new file and returns its name.

The caller is then free to
[open] that filename.

The separation of file creation
and the [open] leaves an interval
when an attacker might manipulate
that file. So care must be taken
when using this facility.

A more secure strategy is to have
one command do all parts: generate
the file name, create and open
the file, and pass back the channel
of the open file in addition to
the file name.

This is analogous to using
mkstmp() instead of tmpnam()
in a C program.

It would be good to either modify
[tempfile] to improve security, or
if compatibility is a concern, offer
an alternative command for the more
secure option.

Note there are some security issues
that cannot be addressed fully at
Tcl script level with Tcl's current
built-in commands, and will require
a C-coded solution. See TIP 210.

Discussion

Don Porter - 2009-04-10

[file tempfile] is now part of Tcl 8.6.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

more secure alternative to [tempfile]

Group

Searches

Help

#215 more secure alternative to [tempfile]

Discussion