[checkpath] / tmpdir.1

.TH tmpdir 1 "6 April 1999" "Local tools"
.SH NAME
tmpdir \- choose, or check a choice of, temporary directory
.SH SYNOPSIS
.B tmpdir
.RB [ \-bc ]
.RB [ \-v
.IR dir ]
.SH USAGE
The
.B tmpdir
program creates a secure place for temporary files to be stored, and
outputs an assignment to the 
.B TMPDIR
variable suitable for execution by a shell.
.PP
Many programs aren't sufficiently careful about how they handle
temporary files.  For example, if a program which creates files in
.B /tmp
without making careful checks beforehand, a malicious user who can
predict the name that the program will use can create a symbolic link
with that name: when run, the program will then overwrite some file
using your current privileges.  Similarly, many programs create
temporary files using generous default permissions, which may well be a
mistake.
.PP
The
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary.  The criteria it uses to choose a place are as follows:
.IP 1.
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
.IP 2.
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users.  See the
.BR chkpath (1)
manual page for a description of how this is done: the two programs work
in the same way.
.PP
First,
.B tmpdir
checks to see whether the current value of the
.B TMPDIR
environment variable is a secure place for temporary files.  If so, it
is accepted immediately.  Otherwise, it tries to find or create a
directory in
.B /tmp
(on the assumption that this is a fast disk suitable for temporary
files), with the name
.BI /tmp/ user \- suffix
for some
.IR suffix .
If that fails, it tries to create a directory in your home directory,
with the name
.BI ~/tmp\- suffix\fR.
If
.I that
fails too, then
.B tmpdir
gives up: if your home directory's not secure (or full) than a secure
temporary directory is the least of your worries.
.SS OPTIONS
The following options are supported:
.TP
.B "\-b, \-\-bourne"
Output an assignment using Bourne shell syntax.  The default is to
examine the user's shell and decide which syntax to use based on that.
.TP
.B "\-c, \-\-cshell"
Output an assignment using C shell syntax.
.TP
.BI "\-v, --verify=" dir
Don't try to find a temporary directory; just see whether
.I dir
is secure, and exit successfully if it is (and unsuccessfully if it
isn't).
.SH BUGS
None known.
.SH SEE ALSO
.BR chkpath (1),
.BR tmpnam (3),
.BR tmpfile (3).
.SH AUTHOR
Mark Wooding (mdw@nsict.org).
Commit	Line	Data
efa7a97b	1	.TH tmpdir 1 "6 April 1999" "Local tools"
	2	.SH NAME
	3	tmpdir \- choose, or check a choice of, temporary directory
	4	.SH SYNOPSIS
	5	.B tmpdir
	6	.RB [ \-bc ]
	7	.RB [ \-v
	8	.IR dir ]
	9	.SH USAGE
	10	The
	11	.B tmpdir
	12	program creates a secure place for temporary files to be stored, and
	13	outputs an assignment to the
	14	.B TMPDIR
	15	variable suitable for execution by a shell.
	16	.PP
	17	Many programs aren't sufficiently careful about how they handle
	18	temporary files. For example, if a program which creates files in
	19	.B /tmp
	20	without making careful checks beforehand, a malicious user who can
	21	predict the name that the program will use can create a symbolic link
	22	with that name: when run, the program will then overwrite some file
	23	using your current privileges. Similarly, many programs create
	24	temporary files using generous default permissions, which may well be a
	25	mistake.
	26	.PP
	27	The
	28	.B tmpdir
	29	program finds a secure place for temporary files, creating one if
	30	necessary. The criteria it uses to choose a place are as follows:
	31	.IP 1.
	32	The temporary directory must be owned by the user, and have mode 700
	33	(i.e., readable, writable and searchable only by the owner).
	34	.IP 2.
	35	The path through the filesystem to the temporary directory must be
	36	secure against modifications by other malicious users. See the
	37	.BR chkpath (1)
	38	manual page for a description of how this is done: the two programs work
	39	in the same way.
	40	.PP
	41	First,
	42	.B tmpdir
	43	checks to see whether the current value of the
	44	.B TMPDIR
	45	environment variable is a secure place for temporary files. If so, it
	46	is accepted immediately. Otherwise, it tries to find or create a
	47	directory in
	48	.B /tmp
	49	(on the assumption that this is a fast disk suitable for temporary
	50	files), with the name
	51	.BI /tmp/ user \- suffix
	52	for some
	53	.IR suffix .
	54	If that fails, it tries to create a directory in your home directory,
	55	with the name
	56	.BI ~/tmp\- suffix\fR.
	57	If
	58	.I that
	59	fails too, then
	60	.B tmpdir
	61	gives up: if your home directory's not secure (or full) than a secure
	62	temporary directory is the least of your worries.
	63	.SS OPTIONS
	64	The following options are supported:
65	.TP
66	.B "\-b, \-\-bourne"
67	Output an assignment using Bourne shell syntax. The default is to
68	examine the user's shell and decide which syntax to use based on that.
69	.TP
70	.B "\-c, \-\-cshell"
71	Output an assignment using C shell syntax.
72	.TP
73	.BI "\-v, --verify=" dir
74	Don't try to find a temporary directory; just see whether
75	.I dir
76	is secure, and exit successfully if it is (and unsuccessfully if it
77	isn't).
78	.SH BUGS
79	None known.
80	.SH SEE ALSO
81	.BR chkpath (1),
82	.BR tmpnam (3),
83	.BR tmpfile (3).
84	.SH AUTHOR
85	Mark Wooding (mdw@nsict.org).