Yes, we use this method in many places in OpenBSD. Like in mkdep(1).
In other shell scripts, we use our mktemp(1) program. I'm including a
man page so that you can see how to use it...
Anyways, these are important problems to solve. But don't just think
of your shell scripts -- check the regular C programs too. We fixed
roughly 400-500 /tmp races in the OpenBSD tree.
It's one kind of security issue when a symlink is used to whack root,
but it's also a security issue when one user can cause another user's
.login file to get squished. So most of them have been fixed. A few
small ones lurk. (Some are very hard to fix).
----
NAME
     mktemp - make temporary file name (unique)

SYNOPSIS
     mktemp [-d] [-q] [-u] template

DESCRIPTION
     The mktemp utility takes the given file name template and overwrites a
     portion of it to create a file name.  This file name is unique and
     suitable for use by the application.  The template may be any file name
     with some number of `Xs' appended to it, for example /tmp/temp.XXXX.
     The trailing `Xs' are replaced with the current process number and/or a
     unique letter combination.  The number of unique file names mktemp can
     return depends on the number of `Xs' provided; six `Xs' will result in
     mktemp testing roughly 26 ** 6 combinations.

     If mktemp can successfully generate a unique file name, the file is
     created with mode 0600 (unless the -u flag is given) and the filename
     is printed to standard output.

OPTIONS
     The available options are as follows:

     -d      Make a directory instead of a file.

     -q      Fail silently if an error occurs.  This is useful if a script
             does not want error output to go to standard error.

     -u      Operate in ``unsafe'' mode.  The temp file will be unlinked
             before mktemp exits.  This is slightly better than mktemp(3)
             but still introduces a race condition.  Use of this option is
             not encouraged.

RETURN VALUES
     The mktemp utility exits with a value of 0 on success, and 1 on failure.

EXAMPLES
     The following sh(1) fragment illustrates a simple use of mktemp where the
     script should quit if it cannot get a safe temporary file.

           TMPFILE=`mktemp /tmp/$0.XXXXXX` || exit 1
           echo "program output" >> $TMPFILE

     In this case, we want the script to catch the error itself.

           TMPFILE=`mktemp -q /tmp/$0.XXXXXX`
           if [ $? -ne 0 ]; then
                   echo "$0: Can't create temp file, exiting..."
                   exit 1
           fi

     Note that one can also check to see that $TMPFILE is zero length instead
     of checking $?.  This would allow the check to be done later on in the
     script (since $? would get clobbered by the next shell command).

SEE ALSO
     mkstemp(3), mktemp(3)

HISTORY
     The mktemp utility appeared in OpenBSD.

OpenBSD 2.1 November, 20, 1996 1
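
The script below is an added example, not part of the original message or of the OpenBSD tree. It contrasts a predictable temp file name with mktemp(1) inside a private sandbox directory; the file names (victim.login, script.1234) and their contents are constructed for the demonstration, and only the -d option and template form shown in the man page above are used.

```sh
#!/bin/sh
# Added example. Everything happens inside a private sandbox directory
# created with mktemp -d; all names and contents are constructed.

# new_sandbox: make a private directory holding a constructed "victim" file
# and a symlink planted at the predictable name a careless script would use.
new_sandbox() {
    dir=`mktemp -d "${TMPDIR:-/tmp}/mktemp-demo.XXXXXX"` || return 1
    echo "victim data" > "$dir/victim.login"
    ln -s "$dir/victim.login" "$dir/script.1234"   # 1234 stands in for $$
    echo "$dir"
}

# predictable_case: the old idiom. ">" follows the planted symlink, so the
# write lands in the victim file. Prints the victim's resulting contents.
predictable_case() {
    dir=`new_sandbox` || return 1
    echo "program output" > "$dir/script.1234"
    cat "$dir/victim.login"
    rm -rf "$dir"
}

# mktemp_case: mktemp picks a name that cannot be planted in advance and
# creates the file itself, so the symlink is never opened.
mktemp_case() {
    dir=`new_sandbox` || return 1
    tmpfile=`mktemp "$dir/script.XXXXXX"` || { rm -rf "$dir"; return 1; }
    echo "program output" >> "$tmpfile"
    cat "$dir/victim.login"
    rm -rf "$dir"
}

# mktemp_mode: permission bits of a freshly created temp file (mode 0600).
mktemp_mode() {
    dir=`new_sandbox` || return 1
    tmpfile=`mktemp "$dir/script.XXXXXX"` || { rm -rf "$dir"; return 1; }
    ls -l "$tmpfile" | cut -c1-10
    rm -rf "$dir"
}

echo "predictable name: victim now contains '`predictable_case`'"
echo "mktemp:           victim now contains '`mktemp_case`'"
echo "mktemp file mode: `mktemp_mode`"
```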