The method of building and using temporary files in shell

Time:2020-1-14

Preface

In day-to-day development we often need temporary files. This article covers how temporary files are created and used in the shell, and the security pitfalls involved; it is offered for reference and study.

Although the need for temporary files can often be avoided by using pipelines, sometimes a temporary file is still the right tool. What makes UNIX different from some other operating systems is that it does not try to magically delete files that are no longer needed. Instead, it provides two special directories, /tmp and /var/tmp (/usr/tmp on older systems), where such files can be kept without cluttering ordinary directories if they are not cleaned up. On most systems /tmp is cleared at boot, whereas /var/tmp must survive a reboot, because some text editors keep their backup files there so that data can be recovered after a crash.

Because /tmp is used so heavily, some systems place it on a memory-resident file system for fast access, as in the following example:


root@localhost:~/training# df /tmp
Filesystem     1K-blocks     Used Available Use% Mounted on
swap           568048704 10772216 528398256   2% /tmp

Placing the file system in swap space means that it lives in memory; its data is written out to the swap area only when memory becomes scarce.

To guarantee that a temporary file is removed when the job is done, a program can open the file and then immediately issue the unlink() system call. This deletes the directory entry at once, but because the file is still open it remains accessible until it is closed or the process terminates, whichever comes first. The open-then-unlink trick generally does not work on non-UNIX operating systems, nor on foreign file systems mounted into a UNIX directory tree, and most scripting languages cannot use it directly.
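As an added illustration, not part of the original article, a POSIX shell can in fact perform the open-then-unlink trick through exec redirections: the file is held on two descriptors, one for writing and one for reading, and the name is removed while both stay open. The file name (built from $$ purely for the demonstration; a real script would use mktemp as described later) and the data written are constructed for the example.

```sh
#!/bin/sh
# Added example: open-then-unlink from the shell.
# The directory entry disappears at rm time, but the inode survives until the
# last open descriptor is closed, so the data can still be written and read back.
unlinked_roundtrip() {
    tmp="${TMPDIR:-/tmp}/unlink-demo.$$"   # demo name only; use mktemp in real scripts
    umask 077
    # fd 3 writes the file, fd 4 reads the same file from offset 0
    exec 3>"$tmp" 4<"$tmp"
    rm -f "$tmp"                            # the name is gone; nobody else can open it now
    [ ! -e "$tmp" ] || { echo "file still present after unlink" >&2; return 1; }
    printf '%s\n' "secret scratch data" >&3 # write through the open descriptor
    cat <&4                                 # read it back through the other one
    exec 3>&- 4<&-                          # closing the last descriptor frees the inode
}
```

Run the function and the scratch data comes back on stdout even though no path ever refers to it after the rm; nothing is left behind in $TMPDIR when the descriptors are closed.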

The $$ variable

A shared directory, or several instances of the same program running at once, can cause temporary file names to collide. The traditional shell-script remedy is to build the process ID, available in the shell variable $$, into the file name. To let the directory be chosen at run time rather than hard-coded, the directory name can be overridden through an environment variable, conventionally TMPDIR. Finally, a trap command should delete the temporary file when the job finishes. A typical shell script therefore begins like this:

umask 077                          # remove all access for anyone but the owner
TMPFILE=${TMPDIR-/tmp}/myprog.$$   # directory from $TMPDIR, defaulting to /tmp
trap 'rm -f $TMPFILE' EXIT         # delete the temporary file when the script exits

The mktemp program

File names like /tmp/myprog.$$ have a problem: they are easy to guess. An attacker need only list the directory a few times while the target program is running to learn which temporary files it uses. By creating a suitably named file in advance, the attacker can make your program fail, feed it forged data, or, by presetting the file's permissions, read whatever the program writes to it.

To deal with this class of problem, the file name must be unpredictable. BSD and GNU/Linux systems provide the mktemp command for creating unpredictable temporary file names. Although the underlying mktemp() library call has been standardized by POSIX, the mktemp command has not. If your system lacks mktemp, we recommend installing the portable OpenBSD version.

mktemp takes an optional file name template ending in a run of X characters; we recommend at least a dozen. It replaces the Xs with alphanumeric characters derived from random numbers and the process ID, creates the file so that nobody else can access it, and prints the resulting name on standard output. Here is mktemp in use:

# TMPFILE=`mktemp /tmp/myprog.XXXXXXXXXX` || exit 1   # create a unique temporary file
# ls -l $TMPFILE                                      # list the temporary file
-rw------- 1 root 0 Aug 28 18:57 /tmp/myprog.yw0oosxljx5

Depending on the implementation, the process ID may appear at the end of the name, but the rest of the suffix cannot be predicted. The || exit 1 ensures that if the temporary file cannot be created, or mktemp is not available at all, the program terminates immediately, with the error message going to standard error.

Recent versions of mktemp allow the template to be omitted, in which case /tmp/tmp.XXXXXXXXXX is used. Older versions still require a template, so portable scripts should always supply one.

To avoid hard-coding the directory name in the program, use the -t option, which makes mktemp place the file in the directory named by the TMPDIR environment variable, or /tmp if it is unset; the -d option asks for a temporary directory instead of a file. (GNU coreutils now marks -t as deprecated but still honors it; passing a full template such as "${TMPDIR:-/tmp}/myprog.XXXXXXXXXX" is the portable equivalent.)

root@localhost:/tmp# DIR=`mktemp -d -t myprog.XXXXXXXXXXX` || exit 1   # create a temporary directory
root@localhost:/tmp# ls -lFd $DIR                                      # list the directory itself
drwx------ 2 root 4096 Aug 28 19:06 /tmp/myprog.hayy9pdndbe/

Because group and others cannot access the directory, an attacker cannot learn the names of the files you go on to create inside it. Even if one of those files were itself created world-readable, its name could at best be guessed, and since the directory cannot be listed, an attacker without permission has no way to confirm the guess.
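Putting the pieces of this section together, here is the skeleton a script would actually start with: restrictive umask, a private directory from mktemp, a check that what came back is really a fresh owner-only directory, and cleanup on both normal exit and interruption. This is an added example, not the article's own code; the myprog prefix, the scratch file and the cleanup function are assumptions made for the demonstration.

```sh
#!/bin/sh
# Added example: safe temporary-directory skeleton for a shell script.

# 1. Nothing we create is accessible to anyone but the owner.
umask 077

# Create an unpredictable private directory under $TMPDIR (default /tmp).
# The full-template form is equivalent to the article's -t option and works
# on both GNU and BSD mktemp. Fails if mktemp is missing or cannot create it.
make_private_tmpdir() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/myprog.XXXXXXXXXXXX") || return 1
    # 2. Verify we got a real directory, not a symlink, with mode 0700.
    [ -d "$d" ] && [ ! -L "$d" ] || return 1
    case $(ls -ld "$d") in
        drwx------*) ;;
        *) echo "unexpected permissions on $d" >&2; return 1 ;;
    esac
    printf '%s\n' "$d"
}

# 3. Remove everything on normal exit and on interruption. The INT/TERM/HUP
#    handler clears the EXIT trap so cleanup does not run a second time.
cleanup() {
    rm -rf "$WORKDIR"
}

WORKDIR=$(make_private_tmpdir) || { echo "cannot create temporary directory" >&2; exit 1; }
trap cleanup EXIT
trap 'cleanup; trap - EXIT; exit 1' INT TERM HUP

# Files inside the directory inherit its protection: their names need not be
# random, because nobody else can list or enter the directory.
printf 'work in progress\n' > "$WORKDIR/scratch"
```

Every temporary file the script needs goes under $WORKDIR; one rm -rf in the trap removes them all, and a second instance of the script gets its own directory from mktemp rather than colliding on a $$-derived name.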

The /dev/random and /dev/urandom special files

Some systems provide two kinds of pseudo-device for randomness: /dev/random and /dev/urandom. At present this support is available on BSD systems, GNU/Linux, IBM AIX 5.2, Mac OS X and Sun Solaris 9, with two third-party implementations available for earlier Solaris releases. The job of these devices is to supply a never-empty stream of random bytes; many cryptographic programs and security applications require such a source. Although there are many simple algorithms for generating pseudo-random streams, producing truly random data is genuinely hard.

The difference between the two is that /dev/random blocks until the system has gathered enough randomness (entropy), so it can guarantee high-quality output, whereas /dev/urandom never blocks and its output carries correspondingly weaker guarantees. (On Linux since kernel 5.6, /dev/random blocks only until the pool has been initialized at boot and otherwise behaves like /dev/urandom.)

Because these devices are shared resources, an attacker can easily mount a denial of service against /dev/random simply by reading from the device and discarding the data. Compare the two devices now, noting the difference in the count argument:

root@localhost:/tmp# time dd count=1 ibs=1024 if=/dev/random > /dev/null      # read 1KB of random bytes
0+1 records in
0+1 records out
110 bytes (110 B) copied, 0.000108837 s, 1.0 MB/s
root@localhost:/tmp# time dd count=1024 ibs=1024 if=/dev/urandom > /dev/null  # read 1MB of random bytes
1024+0 records in
2048+0 records out
1048576 bytes (1.0 MB) copied, 0.0832226 s, 12.6 MB/s

The more /dev/random is read, the slower it responds. We timed both devices on several systems and found that extracting 10MB from /dev/random took a day or more, whereas /dev/urandom on our fastest system produced the same amount in about three seconds.

Either pseudo-device can stand in for mktemp as a way of generating an unpredictable temporary file name:


$ TMPFILE=/tmp/secret.$(cat /dev/urandom | od -x | tr -d ' ' | head -n 1) 
$ echo $TMPFILE 
/tmp/secret.00000003ba2c845df949a7535088c8805479fdf 

Here we read a stream of binary bytes from /dev/urandom, convert it to hexadecimal with od, strip the spaces with tr, and stop after the first full line with head. Because od puts 16 bytes on each output line, this yields 16 * 8 = 128 random bits, or 2^128 possible file names (the leading 0000000 is od's offset column, not random data). If the file is created in a directory that only you can list, an attacker cannot guess the name. Note that this pipeline only chooses a name; unlike mktemp it does not create the file, so the file must still be created in a way that fails if the path already exists.
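The following added example, which is not from the original article, turns the /dev/urandom pipeline above into a usable mktemp substitute for systems without mktemp. It differs from the one-liner in two ways: od is told to omit the offset column and is fed exactly 16 bytes, and the directory is created atomically with mkdir, which fails if anything already exists at that path, so an attacker who guesses or plants a name cannot win the race between choosing and creating it. The secret prefix and the retry limit are assumptions for the demonstration.

```sh
#!/bin/sh
# Added example: unpredictable, atomically created private temporary directory
# built from /dev/urandom, for systems that lack mktemp.

# 16 bytes from /dev/urandom = 128 bits, printed as 32 hex digits.
# -An suppresses the offset column that the article's plain "od -x" shows.
random_suffix() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -x | tr -d ' \n'
}

make_tmpdir_without_mktemp() {
    umask 077
    tries=0
    while [ "$tries" -lt 10 ]; do
        d="${TMPDIR:-/tmp}/secret.$(random_suffix)"
        # mkdir is atomic: it either creates a brand-new directory or fails,
        # whether the name is already taken by a file, a symlink or a directory.
        # A collision (or an attacker's pre-planted entry) just causes a retry.
        if mkdir -m 700 "$d" 2>/dev/null; then
            printf '%s\n' "$d"
            return 0
        fi
        tries=$((tries + 1))
    done
    echo "could not create a private temporary directory" >&2
    return 1
}
```

Use it exactly like the mktemp -d form: WORKDIR=$(make_tmpdir_without_mktemp) || exit 1, followed by the same trap-based cleanup. Files created inside the directory need no random names of their own, since nobody else can enter or list it.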

Summary

That is the whole of this article. We hope it is of some help in your study or work; if you have questions, leave a comment and we will discuss them. Thank you for your support of developpaer.