Dangerous behaviour of mktemp when unknown flags are used

Michael Conrad mconrad at intellitree.com
Tue Apr 17 21:01:57 UTC 2012


On 04/17/2012 02:30 PM, Rich Felker wrote:
> On Tue, Apr 17, 2012 at 03:48:20PM +0200, Denys Vlasenko wrote:
>> On Tue, Apr 10, 2012 at 4:24 AM, John Spencer
>> <maillist-busybox at barfooze.de> wrote:
>>> (this is busybox 1.19.2)
>>>
>>> /src/build/zlib-1.2.6/Makefile:tempfile := $(shell mktemp -u __XXXXXX)
>>>
>>> mktemp: illegal option: u
>>> BusyBox v1.19.2 (2012-04-08 20:17:39 GMT) multi-call binary.
>>>
>>> Usage: mktemp [-dt] [-p DIR] [TEMPLATE]
>>>
>>> ....
>>>
>>> zlib's Makefile uses mktemp -u without testing if it returns a result and
>>> then happily uses the variable to delete and create stuff.
>>>
>>> I don't think it's a good idea that the binary doesn't ignore (or only warn
>>> about the wrong config on stderr) and still return some usable string to the
>>> caller.
>> It doesn't return anything:
>>
>> $ busybox mktemp -u 2>/dev/null
>> <nothing>
>> $
>>
>> The entire output went to stderr. None is on stdout.
>> This is as correct handling of unknown option as it can get.
> That's the entire issue he was reporting. Since the normal usage of
> mktemp with -u is something like var=$(mktemp -u), it's very dangerous
> for the output to be an empty string. It's possible to check for
> errors, and one probably should, but plenty of low-quality scripts
> don't and the shell does not make it particularly easy to do so. (The
> simplest solution I can think of for a script would be
>
> var=$(mktemp -u || echo /dev/null/invalid/path)
>
> where the fallback is chosen to be something that's guaranteed by
> POSIX not to work.
Considering that mktemp has an inherent possibility of failure, I think
checking failure of the command is the *only* correct usage.  And it
isn't hard at all: You can check $? or test the length of the variable
or set a default on the next line.  Makefiles are less convenient, but as
you showed, it isn't hard.

Also, why is it so dangerous?  It doesn't exist, so you have to create
it, and mkdir and touch and shell redirection all fail with a missing
argument.  (ending the make process, if you've written the makefile
correctly) and you'll have a handy message on stdout to help you find
the problem.

-Mike
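
Added example (not part of the original message, and not BusyBox or zlib code): the checks discussed in this thread written out in shell, namely testing mktemp's exit status and output length, and the /dev/null/invalid/path fallback. The names strict_mktemp, checked_tmpname, fallback_tmpname and try_create are hypothetical; strict_mktemp is a constructed stand-in that rejects -u the way the quoted BusyBox 1.19.2 output does.

```shell
#!/bin/sh
# Constructed stand-in (hypothetical): behaves like a mktemp without -u
# support. Error text goes to stderr, stdout stays empty, exit status is 1.
strict_mktemp() {
    case "$1" in
        -u) echo "mktemp: illegal option: u" >&2; return 1 ;;
        *)  mktemp "$@" ;;
    esac
}

# Exit-status check plus length check. Runs the given command, prints the
# name on success, prints nothing and returns 1 on failure or empty output.
checked_tmpname() {
    tmpname=$("$@" 2>/dev/null) || return 1
    [ -n "$tmpname" ] || return 1
    printf '%s\n' "$tmpname"
}

# The fallback from the quoted reply: on failure, emit a path that cannot
# be created, so later commands fail instead of acting on an empty string.
fallback_tmpname() {
    "$@" 2>/dev/null || echo /dev/null/invalid/path
}

# Creation attempts fail both for an empty name and for the fallback path.
try_create() {
    mkdir "$1" 2>/dev/null
}

# Demo: the caller stops instead of continuing with an empty variable.
if tmp=$(checked_tmpname strict_mktemp -u __XXXXXX); then
    echo "using $tmp"
else
    echo "mktemp failed; refusing to continue" >&2
fi
```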

