bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [patch] new special variable: test argument


From: Greg Wooledge
Subject: Re: [patch] new special variable: test argument
Date: Mon, 21 Dec 2015 08:21:39 -0500
User-agent: Mutt/1.4.2.3i

On Sat, Dec 19, 2015 at 12:58:41AM +0100, Piotr Grzybowski wrote:
> #2
> touch /tmp/`date +%s`; if [ -f /tmp/`date +%s` ]; then echo "ok: $^"; fi;

This is both wrong (insecure) and clumsy.  You can't create a temp file
this way.  If the file already existed, then you're using someone else's
booby trap, because you didn't even check whether the touch succeeded.
(No, checking for the EXISTENCE of a file is not the same as checking
whether the touch command succeeded.)  Then, even if touch succeeded,
you could STILL be using a symlink to a world-writable booby trap file.

In short, you are NOT checking that the file is YOURS.  Only that it
exists.

Sadly, POSIX never saw fit to mandate a mktemp or tempfile utility.  So
there is no safe, platform-independent way to make a temporary file in
a shell script.  I know.  It's pathetic.

http://mywiki.wooledge.org/BashFAQ/062 discusses this some more.

Now, let's push all of that aside for the moment and pretend you have
a mktemp utility that works in the way Linux's mktemp does.  I.e. it
creates the file automatically, and does not require a -c argument to do
so (like HP-UX's mktemp does).

Here's your example, written properly:

tmpfile=$(mktemp) || exit
trap 'rm -f "$tmpfile"' EXIT

You see, there is no need for your $^ construct.  You have to store the
temp file's name in a variable so that it's available to the EXIT trap.
Writing out /tmp/whatever multiple times is simply not the way it's done,
and so there is no need for a syntactic shortcut to do that for you.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]