Preface
Temporary files are often needed in our daily development. This article introduces how temporary files are created and used from the shell, and we share it for your reference and learning. Without further ado, let's take a look at the details:
Although using pipelines can often eliminate the need for temporary files, sometimes temporary files are useful. What makes UNIX different from some other operating systems is that it has no idea of magically deleting files that are no longer needed. Instead, two special directories are provided: /tmp and /var/tmp (on older systems: /usr/tmp). Files can be stored there normally, and when they are not cleaned up they do not clutter the ordinary directories. On most systems /tmp is cleared at boot time, but /var/tmp must survive a reboot, because some text editors store their backup files there so that data can be recovered after a system crash.
Because the /tmp directory is used so frequently, some systems place it in a memory-resident file system for quick access, as in the following example:
root@localhost:~/training# df /tmp
Filesystem  1K-blocks      Used Available Use% Mounted on
swap        568048704  10772216 528398256   2% /tmp
Placing the file system in swap space means that it lives in memory, and its data is only written out to swap when memory runs short.
To ensure that a temporary file is deleted when the job is done, programmers in compiled languages can open the file and then issue an unlink() system call. This removes the directory entry immediately, but because the file is still open it remains accessible until it is closed or the program exits, whichever comes first. The trick of unlinking after opening generally does not work on non-UNIX operating systems, nor on foreign file systems mounted onto directories of a UNIX file system, and it is not available in most scripting languages.
$$ variable
A shared directory, or several running instances of the same program, may cause file name conflicts. The traditional practice in shell scripts is to use the process ID, available in the shell variable $$, as part of the temporary file name. To allow the directory part of the name to be overridden, an environment variable is honoured, usually TMPDIR. In addition, a trap command should be used so that the temporary file is deleted when the work is done. A typical shell script therefore starts like this:
umask 077                          # Remove all access rights from everyone other than the user
TMPFILE=${TMPDIR-/tmp}/myprog.$$   # Generate the temporary file name
trap 'rm -f $TMPFILE' EXIT         # Delete the temporary file when finished
mktemp program
A file name like /tmp/myprog.$$ has a problem: it is far too easy to guess! An attacker only needs to list the directory a few times while the target program runs to discover which temporary files it uses. By creating suitably named files in advance, an attacker can make your program fail or read fake data, or even adjust file permissions so that the attacker can read the files.
To deal with such security issues, the file name must be unpredictable. Both BSD and GNU/Linux systems provide the mktemp command for creating temporary file names that are hard to guess. Although the underlying mktemp() library function has been standardized by POSIX, the mktemp command has not. If your system lacks mktemp, we recommend installing the portable version from OpenBSD.
mktemp takes an optional file name template ending in a run of X characters; we recommend using at least 12 Xs. The program replaces them with alphanumeric characters derived from random numbers and the process ID, creates the file so that nobody else can access it, and prints the file name on standard output. Here is mktemp in use:
# TMPFILE=`mktemp /tmp/myprog.XXXXXXXXXXXX` || exit 1   # Create a unique temporary file (12-X template, as recommended above)
# ls -l $TMPFILE                                         # List the temporary file
-rw------- 1 root root 0 Aug 28 18:57 /tmp/myprog.yW0oosXxljx5
The process number is encoded in the suffix of the file name, but the name cannot be predicted at all. When the temporary file cannot be created, or mktemp is not available, the conditional exit command ensures that the program terminates immediately with an error message.
Recent versions of mktemp allow the template to be omitted, in which case a default template under /tmp/ is used. Older versions still require a template, so for portability across shell environments, do not rely on the omission.
To avoid hard-coding the directory name in the program, use the -t option: mktemp then uses the directory named by the environment variable TMPDIR, or /tmp. The -d option asks for a temporary directory instead of a file:
root@localhost:/tmp# DIR=`mktemp -d -t myprog.XXXXXXXXXXXX` || exit 1   # Create a temporary directory (template reconstructed from the name shown below)
root@localhost:/tmp# ls -lFd $DIR                                       # List the directory itself
drwx------ 2 root root 4096 Aug 28 19:06 /tmp/myprog.Hayy9pDnDBEB/
Since group and others cannot access the directory, an attacker has no way to learn the names of the files you then put in it; of course, if your program is publicly readable, the names can still be guessed! But since the directory cannot be listed, an attacker without permission cannot confirm the guess.
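The following script is an added example, not code from the original article: it applies the article's recipe end to end (private umask, mktemp with a 12-X template that honours TMPDIR, a trap that cleans up on exit) and then checks that what was created really is private to the owner. It assumes a GNU or OpenBSD-style mktemp (for -t and -d) and a POSIX ls; "myprog" is a placeholder program name.

```shell
#!/bin/sh
# Added example (not from the original article): create a private temporary
# file and directory the way the article recommends, then verify the result.
# Assumes GNU/OpenBSD mktemp semantics for -t and -d; "myprog" is a placeholder.

umask 077                      # new files and directories get no group/other permissions

# Create a private temporary file under $TMPDIR (or /tmp) and print its name.
# The template keeps 12 X's, as the article recommends.
make_private_tmpfile() {
    mktemp -t myprog.XXXXXXXXXXXX
}

# Same idea for a private working directory.
make_private_tmpdir() {
    mktemp -d -t myprog.XXXXXXXXXXXX
}

# Permission string exactly as ls prints it, e.g. "-rw-------" or "drwx------".
# (cut drops the optional ACL marker some systems append in column 11.)
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Number of characters mktemp substituted for the X's; must be at least 12.
random_suffix_length() {
    suffix=${1##*/myprog.}
    printf '%s' "${#suffix}"
}

TMPFILE=$(make_private_tmpfile) || exit 1
WORKDIR=$(make_private_tmpdir) || exit 1
trap 'rm -rf "$TMPFILE" "$WORKDIR"' EXIT   # delete both, however the script ends

printf 'file: %s (%s)\ndir:  %s (%s)\n' \
    "$TMPFILE" "$(mode_of "$TMPFILE")" "$WORKDIR" "$(mode_of "$WORKDIR")"
```

Because the trap is registered on EXIT rather than only on specific signals, the cleanup also runs when the script exits normally or through a later `exit 1`; if a later step creates more files inside $WORKDIR, the single `rm -rf` still removes them.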
/dev/random and /dev/urandom special files
Some systems provide two pseudo-devices, /dev/random and /dev/urandom. At the time of writing these are available only on BSD systems, GNU/Linux, IBM AIX 5.2, Mac OS X and Sun Solaris 9, with two third-party implementations available as retrofits for earlier Solaris versions. The job of these devices is to supply a never-empty stream of random bytes: many encryption programs and security applications need such a source. Although there are many simple algorithms for generating pseudo-random streams, generating truly random data is very hard.
The difference between the two devices is that /dev/random blocks until the system has gathered enough randomness, so it can guarantee high-quality random numbers, whereas /dev/urandom never blocks, but its data may be less random.
Since these devices are shared resources, an attacker can easily mount a denial-of-service attack, blocking /dev/random simply by reading from the device and discarding the data. Now compare the two devices, noting the difference in the count argument:
root@localhost:/tmp# time dd count=1 ibs=1024 if=/dev/random > /dev/null      # Read 1KB of random bytes
0+1 records in
0+1 records out
110 bytes (110 B) copied, 0.000108837 s, 1.0 MB/s
root@localhost:/tmp# time dd count=1024 ibs=1024 if=/dev/urandom > /dev/null  # Read 1MB of random bytes
1024+0 records in
2048+0 records out
1048576 bytes (1.0 MB) copied, 0.0832226 s, 12.6 MB/s
The more /dev/random is read, the slower it responds. We tested these two devices on several systems and found that extracting 10MB of data from /dev/random took more than a day, while /dev/urandom on our fastest system produced the same amount of data in three seconds.
Either pseudo-device can serve as an alternative to mktemp for producing unpredictable temporary file names:
$ TMPFILE=/tmp/secret.$(cat /dev/urandom | od -x | tr -d ' ' | head -n 1)
$ echo $TMPFILE
/tmp/secret.00000003ba2c845df949a7535088c8805479fdf
Here we read the binary byte stream from /dev/urandom, convert it to hexadecimal with od, remove the spaces with tr, and stop after the first full line. Because od puts 16 bytes on each output line, this provides 16 * 8 = 128 random bits, i.e. 2^128 possible file names. If the file is created in a directory that only the user can list, an attacker has no way to guess it!
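As an added example (not code from the original article), the script below builds the same kind of /dev/urandom-derived name, but reads exactly the 16 bytes (128 bits) it needs and leaves the od offset column out, and then claims the name with the shell's noclobber option so that a file already sitting at that name (the pre-created-file problem described in the mktemp section) makes the script fail instead of being silently used. It assumes /dev/urandom and POSIX dd, od and tr; "secret" is a placeholder prefix.

```shell
#!/bin/sh
# Added example (not from the original article): an unpredictable temporary
# file name from /dev/urandom, created only if nothing already exists there.
# Assumes /dev/urandom and POSIX dd/od/tr; "secret" is a placeholder prefix.

umask 077                      # the file we create must be private to the owner

# 32 hex characters = 128 random bits, without od's offset column.
random_hex_suffix() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -A n -t x1 | tr -d ' \n'
}

# Create $1 only if it does not already exist. With noclobber (set -C) the
# redirection refuses to open an existing file, so a name that was planted
# in advance yields a non-zero status instead of a reused file.
claim_tmpname() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Compose the name under $TMPDIR (default /tmp), claim it, and print it.
make_urandom_tmpfile() {
    name=${TMPDIR-/tmp}/secret.$(random_hex_suffix)
    claim_tmpname "$name" || return 1
    printf '%s\n' "$name"
}

if TMPFILE=$(make_urandom_tmpfile); then
    trap 'rm -f "$TMPFILE"' EXIT   # clean up when the script ends
    printf 'using %s\n' "$TMPFILE"
else
    echo 'could not create a fresh temporary file' >&2
fi
```

The claim step is the part mktemp does for you: mktemp creates the file with exclusive-create semantics, whereas a plain `> "$name"` would happily follow an attacker's pre-created file or symlink. Treating a claim failure as an error, rather than retrying silently, also makes such an event visible in the script's own error output.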
Summary
The above is the entire content of this article. I hope the content of this article will be of some help to your study or work. If you have any questions, you can leave a message to communicate. Thank you for your support.