Best Practices for Secure Programming
Temp Files
Sometimes apps need temporary files -- handle with care
- More of a problem on Unix systems, due to public temp areas and symlinks (overwriting attacks)
- Use temp files sparingly
- Use private temp areas if possible
- If you must use a public temp area, create a directory with restrictive permissions, and create files there
- Use the O_EXCL|O_CREAT flags to avoid opening a file that shouldn't be there
- Create random file names if possible
- Use a library routine like mkstemp() (not mktemp()) to create your temp files
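
The checklist above in C, as an added example (not part of the original slides): a private directory inside the public temp area, a mkstemp() file in it, and an O_CREAT|O_EXCL open that is refused when a symlink already occupies the name. The /tmp location, the file names and the helpers create_exclusive(), mode_of() and demo() are assumptions made for this illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a file that must not exist yet. With O_CREAT|O_EXCL, open() fails
 * with EEXIST if the name is taken, even by a dangling symlink. */
static int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Permission bits of a path (symlinks not followed), or -1 on error. */
static int mode_of(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Constructed scenario: private directory in /tmp, a mkstemp() file in it,
 * and a symlink already sitting at a fixed name we then try to create.
 * Returns 0 if every property holds, else the number of the failed step. */
static int demo(void)
{
    char dir[] = "/tmp/app.XXXXXX";           /* assumed public temp area */
    char tmp[64], target[64], fixed[64];
    int fd, rc = 0;

    if (mkdtemp(dir) == NULL) return 1;       /* random name, mode 0700 */
    if (mode_of(dir) != 0700) rc = 2;
    snprintf(tmp, sizeof tmp, "%s/work.XXXXXX", dir);
    fd = mkstemp(tmp);                        /* random name, exclusive, 0600 */
    if (fd < 0 || mode_of(tmp) != 0600) rc = rc ? rc : 3;
    if (fd >= 0) close(fd);

    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(fixed, sizeof fixed, "%s/fixed.tmp", dir);
    if (symlink(target, fixed) != 0) rc = rc ? rc : 4;
    fd = create_exclusive(fixed);             /* must be refused */
    if (fd >= 0 || errno != EEXIST) rc = rc ? rc : 5;
    if (fd >= 0) close(fd);
    if (access(target, F_OK) == 0) rc = rc ? rc : 6;  /* link not followed */
    unlink(fixed); unlink(target); unlink(tmp); rmdir(dir);
    return rc;
}

int main(void) { return demo(); }
```

Without O_EXCL, the same open() would follow the symlink and create or truncate whatever it points to, which is the overwriting attack the first bullet refers to.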