From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <5369033D.5060505@redhat.com>
Date: Tue, 06 May 2014 09:43:57 -0600
From: Eric Blake
References: <1399382220-14874-1-git-send-email-peter.maydell@linaro.org> <5368F36B.3040804@redhat.com>
Subject: Re: [Qemu-devel] [PATCH] configure: Put tempfiles in subdir so we can clean up libtool files
To: Peter Maydell
Cc: QEMU Trivial, Paolo Bonzini, QEMU Developers, Don Slutz, Patch Tracking

On 05/06/2014 08:53 AM, Peter Maydell wrote:
>> # Create a (secure) tmp directory for tmp files.
>>
>> {
>>   tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
>>   test -d "$tmp"
>> } ||
>> {
>>   tmp=./conf$$-$RANDOM
>>   (umask 077 && mkdir "$tmp")
>> } || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
>> ac_tmp=$tmp
>
> Yuck.
>
>> The use of $$ and $RANDOM is safe (even on shells that lack $RANDOM)
>> because of the fact that mkdir is atomic and the umask is correctly set
>> prior to the mkdir.
>
> I dislike the use of $RANDOM, because it means we behave
> inconsistently. If it's OK for $RANDOM to expand to "" then we
> should just not use it at all, because that's OK and the same
> everywhere.

It's okay for $RANDOM to expand to "" in the fallback code, for the
platforms that lack mktemp(1); most developers are on a platform that
has mktemp. The use of $RANDOM makes it harder for an attacker to
pre-create a competing file by the same name, but does not add any
security; so omitting $RANDOM for the fallback path doesn't hurt if you
are that bothered by seeing it present in a dash script.

> Similarly, if it's OK not to use mktemp on some systems,
> we should use the same non-mktemp code everywhere.

The fallback is not ideal, but tolerable. It's still better to try and
use mktemp where it exists.

> We could sidestep this rubbish by not trying to put our temp
> files in /tmp/, and instead just put them in the build directory
> (ie ./conf-temps/ or something similar, which we blow away
> and recreate every time).

Yes, using a different location for temporary files and avoiding /tmp
might also work.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
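
The pattern discussed in this thread, written out as an added example (not part of the original message, and not code from QEMU's configure or autoconf): prefer `mktemp -d`, and fall back to an atomic `mkdir` under `umask 077` that fails closed when the name already exists. The function names `claim_dir`, `make_tmpdir_fallback` and `make_tmpdir` are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from configure/autoconf.

# Atomically claim a directory name with mode 0700.
# mkdir fails with EEXIST if anything (file, directory, symlink, even a
# dangling symlink) already has that name, so a pre-created entry makes
# us fail instead of adopting a directory someone else controls.
# "mkdir -p" must not be used here: it succeeds on an existing directory.
claim_dir() {
    (umask 077 && mkdir "$1") 2>/dev/null
}

# Fallback for platforms that lack mktemp(1).
# ${RANDOM-} expands to "" on shells without $RANDOM (for example dash);
# the safety comes from mkdir's atomicity and the umask, not from the
# name being hard to guess.
make_tmpdir_fallback() {
    dir=$1/conf$$-${RANDOM-}
    claim_dir "$dir" || return 1
    printf '%s\n' "$dir"
}

# Preferred path: mktemp -d chooses an unpredictable name and creates
# the directory in one step; use the fallback only if that fails.
make_tmpdir() {
    base=${1:-.}
    dir=$( (umask 077 && mktemp -d "$base/confXXXXXX") 2>/dev/null ) &&
        test -d "$dir" && { printf '%s\n' "$dir"; return 0; }
    make_tmpdir_fallback "$base"
}

# Usage (assumed caller):
#   tmp=$(make_tmpdir .) || { echo "cannot create temp dir" >&2; exit 1; }
#   trap 'rm -rf "$tmp"' EXIT
```

A caller should treat a non-zero return as fatal rather than retrying with the same name, since the failure may mean the name was planted.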