in reply to Create unique scratchdir name

The returned value from this function is highly predictable and as such could easily be hijacked by users with malign intent - This issue is discussed and referenced in Using Temporary Files in Perl.

A better approach for temporary or unique file or directory name generation would be to make use of the exported *BSD, glibc and POSIX functions of File::Temp, which has been incorporated as a core module in 5.7.x.
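
The contrast drawn in the post above, as an added example that is not part of the original post or thread: a timestamp-named scratch directory that silently adopts an existing entry, the same name created atomically, and File::Temp's `tempdir`. The sub names are hypothetical, and a POSIX-style filesystem (where `:` is legal in names) is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;
use POSIX qw(strftime);

# Timestamp name in the format used in this thread; any local user can
# compute it in advance.
sub predictable_name { return strftime("%Y-%m-%d_%H:%M:%S", localtime) }

# Weak: check-then-create. If the name already exists, the directory is
# silently adopted, whoever created it and whatever its permissions are.
sub scratch_weak {
    my ($parent, $name) = @_;
    my $dir = File::Spec->catdir($parent, $name);
    mkdir $dir, 0700 unless -d $dir;
    return $dir;
}

# Stricter: mkdir is atomic and fails (EEXIST) if the name is already taken,
# so a pre-existing entry is detected instead of trusted.
sub scratch_strict {
    my ($parent, $name) = @_;
    my $dir = File::Spec->catdir($parent, $name);
    mkdir $dir, 0700 or die "refusing to use $dir: $!\n";
    return $dir;
}

# File::Temp: random suffix, directory created with mode 0700, croaks on failure.
sub scratch_random {
    my ($parent) = @_;
    return tempdir("scratch-XXXXXXXXXX", DIR => $parent, CLEANUP => 1);
}

# Demo inside a private parent that stands in for a shared directory.
my $parent = tempdir(CLEANUP => 1);
my $name   = predictable_name();

# Constructed condition: the name was created by someone else first.
mkdir File::Spec->catdir($parent, $name) or die "setup failed: $!\n";

print "weak:   adopted existing ", scratch_weak($parent, $name), "\n";
print "strict: ", (eval { scratch_strict($parent, $name) } || "died: $@");
print "random: ", scratch_random($parent), "\n";
```

The strict variant keeps the readable timestamp name for trusted, single-user jobs such as the daily cron case raised later in the thread, while still failing loudly if the name is already present.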

 

Re: Create unique scratchdir name
by cLive ;-) (Prior) on May 13, 2002 at 09:44 UTC
    Rob,

    you're assuming that's an issue. It might not be - depends on context. Eg, a daily scan of a log file? useful and not a problem.

    hsinclai, you can call localtime in array context. Doing so, an optimisation of the above might be:

    sub makename {
        my @time = localtime();    # (sec, min, hour, mday, mon, year, ...)
        return sprintf("%04d-%02d-%02d_%02d:%02d:%02d",
            $time[5]+1900, $time[4]+1, @time[3,2,1,0]);
    }

    Update: thanks I0 - oops.

    --
    seek(JOB,$$LA,0);

      Young Jedi, have you forgotten all that was taught to you? Never underestimate the power of the dark side - or forever will it hold you in its grasp.

      Plug those security holes, even if you believe that Jimi Hendrix in a pink UFO would sooner crash into your living room than this hole be exploited.

      --
      Ash OS durbatulk, ash OS gimbatul,
      Ash OS thrakatulk, agh burzum-ishi krimpatul!
      Uzg-Microsoft-ishi amal fauthut burguuli.

        <rant>

        forget security i not did. Did you read my comment? i said it would depend on circumstance. Feel free to enlighten me on the security risk in the following...

        Let's say I'm using this to name a log file created from a cron job once a day? What's the security hole?

        Let's say i use it to name a backup tar file?

        Let's say i have a box that only has SSH entry. Don't you think if a hacker got into that I'd be a little more worried about the fact that they'd got in than the fact that they can change a filename?

        Everything has a security hole if someone gets in as root, but sometimes it just doesn't matter. When i write a script on my Windows box that runs once a day to backup stuff, do i worry about security? No, because if someone's on my box and can change my data, security of that script is a moot issue.

        Not everything in Perl's on a web server.

        Or to continue in the quote vein, "Even a monkey can read Nietzsche, he just doesn't understand it either." - Jamie Lee Curtis in A Fish Called Wanda.

        </rant>

        .02

        cLive ;-)

        --
        seek(JOB,$$LA,0);

      You mean @time[3,2,1,0]
      My fault for not putting that in context; part of utility script in a trusted environment..
      Thanks for the snippet too.
      $Id: .signature,v .99 Sun May 12 19:48:45 2002 hsinclai Exp $ Program terminated {7} abnormal CONTACT YOUR SUPERVISOR