.TH tmpdir 1 "6 April 1999" "Local tools"
.SH NAME
tmpdir \- choose, or check a choice of, temporary directory
.SH SYNOPSIS
.B tmpdir
.RB [ \-bc ]
.RB [ \-v
.IR dir ]
.SH USAGE
The
.B tmpdir
program creates a secure place for temporary files to be stored, and
outputs an assignment to the
.B TMPDIR
variable suitable for execution by a shell.
.PP
Many programs aren't sufficiently careful about how they handle
temporary files. For example, if a program creates files in
.B /tmp
without making careful checks beforehand, a malicious user who can
predict the name that the program will use can create a symbolic link
with that name: when run, the program will then overwrite some file
using your current privileges. Similarly, many programs create
temporary files using generous default permissions, which may well be a
mistake.
.PP
The
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary. The criteria it uses to choose a place are as follows:
.IP 1.
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
.IP 2.
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users. See the
.BR chkpath (1)
manual page for a description of how this is done: the two programs work
in the same way.
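.PP
The first criterion above, together with the rule that an existing directory is accepted only if it passes the same test as a new one, as an added C example that is not part of tmpdir itself. The names tmpdir_check, tmpdir_ensure and demo and the /tmp/tdx- scratch path are assumptions, and the path check done by chkpath(1) is not reproduced.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

enum { TD_OK, TD_NOTDIR, TD_OWNER, TD_MODE, TD_ERR };

/* Criterion 1 only (hypothetical helper): a real directory (lstat, so a
 * symlink is refused), owned by uid, permission bits exactly 0700. */
int tmpdir_check(const char *path, uid_t uid)
{
	struct stat st;

	if (lstat(path, &st) != 0) return TD_ERR;
	if (!S_ISDIR(st.st_mode)) return TD_NOTDIR;
	if (st.st_uid != uid) return TD_OWNER;
	if ((st.st_mode & 07777) != 0700) return TD_MODE;
	return TD_OK;
}

/* Find or create: a name that already exists is never trusted, it has
 * to pass the same check as a directory we made ourselves. */
int tmpdir_ensure(const char *path, uid_t uid)
{
	if (mkdir(path, 0700) != 0 && errno != EEXIST) return TD_ERR;
	return tmpdir_check(path, uid);
}

/* Constructed cases in a scratch directory. Result codes are packed as
 * decimal digits: fresh directory, pre-made 0755 directory, symlink. */
int demo(void)
{
	char base[] = "/tmp/tdx-XXXXXX", a[32], b[32], c[32];
	int r;
	umask(077);
	if (!mkdtemp(base)) return -1;
	snprintf(a, sizeof a, "%s/a", base);
	snprintf(b, sizeof b, "%s/b", base);
	snprintf(c, sizeof c, "%s/c", base);
	if (mkdir(b, 0700) || chmod(b, 0755) || symlink(a, c)) return -1;
	r = 100 * tmpdir_ensure(a, getuid()) + 10 * tmpdir_ensure(b, getuid())
	    + tmpdir_ensure(c, getuid());
	unlink(c); rmdir(b); rmdir(a); rmdir(base);
	return r;
}

int main(void) { printf("%d\n", demo()); return 0; }
```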
.PP
First,
.B tmpdir
checks to see whether the current value of the
.B TMPDIR
environment variable is a secure place for temporary files. If so, it
is accepted immediately. Otherwise, it tries to find or create a
directory in
.B /tmp
(on the assumption that this is a fast disk suitable for temporary
files), with the name
.BI /tmp/ user \- suffix
for some
.IR suffix .
If that fails, it tries to create a directory in your home directory,
with the name
.BI ~/tmp\- suffix\fR.
If
.I that
fails too, then
.B tmpdir
gives up: if your home directory's not secure (or is full) then a secure
temporary directory is the least of your worries.
.SS OPTIONS
The following options are supported:
.TP
.B "\-b, \-\-bourne"
Output an assignment using Bourne shell syntax. The default is to
examine the user's shell and decide which syntax to use based on that.
.TP
.B "\-c, \-\-cshell"
Output an assignment using C shell syntax.
.TP
.BI "\-v, \-\-verify=" dir
Don't try to find a temporary directory; just see whether
.I dir
is secure, and exit successfully if it is (and unsuccessfully if it
isn't).
.SH BUGS
None known.
.SH SEE ALSO
.BR chkpath (1),
.BR tmpnam (3),
.BR tmpfile (3).
.SH AUTHOR
Mark Wooding (mdw@nsict.org).