.\" -*-nroff-*-
.TH tmpdir 1 "6 April 1999" "Local tools"
.SH NAME
tmpdir \- choose, or check a choice of, temporary directory
.SH SYNOPSIS
.B tmpdir
.RB [ \-bc ]
.RB [ \-v
.IR dir ]
.SH USAGE
The
.B tmpdir
program creates a secure place for temporary files to be stored, and
outputs an assignment to the
.B TMPDIR
variable suitable for execution by a shell.
.PP
Many programs aren't sufficiently careful about how they handle
temporary files. For example, if a program creates files in
.B /tmp
without making careful checks beforehand, a malicious user who can
predict the name that the program will use can create a symbolic link
with that name: when run, the program will then overwrite some file
using your current privileges. Similarly, many programs create
temporary files using generous default permissions, which may well be a
mistake.
.PP
The
.B tmpdir
program finds a secure place for temporary files, creating one if
necessary. The criteria it uses to choose a place are as follows:
.IP " 1."
The temporary directory must be owned by the user, and have mode 700
(i.e., readable, writable and searchable only by the owner).
.IP " 2."
The path through the filesystem to the temporary directory must be
secure against modifications by other malicious users. See the
.BR chkpath (1)
manual page for a description of how this is done: the two programs work
in the same way.
.PP
First,
.B tmpdir
checks to see whether the current value of the
.B TMPDIR
environment variable is a secure place for temporary files. If so, it
is accepted immediately. Otherwise, it tries to find or create a
directory in
.B /tmp
(on the assumption that this is a fast disk suitable for temporary
files), with the name
.BI /tmp/ user \- suffix
for some
.IR suffix .
If that fails, it tries to create a directory in your home directory,
with the name
.BI ~/tmp\- suffix\fR.
If
.I that
fails too, then
.B tmpdir
gives up: if your home directory's not secure (or is full) then a secure
temporary directory is the least of your worries.
.SS Options
The following options are supported:
.TP
.B "\-b, \-\-bourne"
Output an assignment using Bourne shell syntax. The default is to
examine the user's shell and decide which syntax to use based on that.
.TP
.B "\-c, \-\-cshell"
Output an assignment using C shell syntax.
.TP
.BI "\-v, \-\-verify " dir
Don't try to find a temporary directory; just see whether
.I dir
is secure, and exit successfully if it is (and unsuccessfully if it
isn't).
.SH BUGS
None known.
.SH SEE ALSO
.BR chkpath (1),
.BR checkpath (3),
.BR tmpnam (3),
.BR tmpfile (3).
.SH AUTHOR
Mark Wooding (mdw@nsict.org).
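The two criteria listed under USAGE, and the kind of check `-v` performs, sketched as an added Python example (this is not tmpdir's own code). The rule in `ancestor_problem` is an assumption, because this page defers the path check to chkpath(1); all function names are hypothetical.

```python
import os
import stat
import tempfile

def is_private_dir(path, uid=None):
    """Criterion 1: a real directory, owned by uid, with mode exactly 0700."""
    uid = os.geteuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat, so a symlink planted at `path` never passes
    except OSError:
        return False
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == uid
            and stat.S_IMODE(st.st_mode) == 0o700)

def ancestor_problem(st, uid):
    """Assumed rule for criterion 2; chkpath(1) documents the real one.
    Returns why other users could rename or replace entries here, or None."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid not in (0, uid):
        return "owned by another user"
    if mode & (stat.S_IWGRP | stat.S_IWOTH) and not mode & stat.S_ISVTX:
        return "group/world-writable without sticky bit"
    return None

def verify(path, uid=None):
    """Rough analogue of `tmpdir -v dir`: list of problems, empty if secure."""
    uid = os.geteuid() if uid is None else uid
    path = os.path.abspath(path)
    problems = []
    if not is_private_dir(path, uid):
        problems.append(f"{path}: not a directory you own with mode 0700")
    # Simplification: resolve symlinks first, then check each real ancestor.
    parent = os.path.realpath(os.path.dirname(path))
    while True:
        why = ancestor_problem(os.stat(parent), uid)
        if why:
            problems.append(f"{parent}: {why}")
        if parent == os.path.dirname(parent):  # reached the root
            return problems
        parent = os.path.dirname(parent)

if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed demo input; mkdtemp uses mode 0700
    print(d, verify(d) or "ok")
    os.chmod(d, 0o755)      # loosen it: criterion 1 now fails
    print(d, verify(d))
    os.rmdir(d)
```

The sticky-bit exemption is what lets a directory under `/tmp` pass the ancestor check even though `/tmp` itself is world-writable.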