======================================================================== * README ======================================================================== What/why is mktemp? =================== Mktemp is a simple utility designed to make temporary file handling in shells scripts be safe and simple. Traditionally, people writing shell scripts have used constructs like: TFILE=/tmp/foop.$$ which are trivial to attack. If such a script is run as root it may be possible for an attacker on the local host to gain access to the root login, corrupt or unlink system files, or do a variety of other nasty things. The basic problem is that most shells have no equivalent to open(2)'s O_EXCL flag. While it is possible to avoid this using temporary directories, I consider the use of mktemp(1) to be superior both in terms of simplicity and robustness. See the man page for more information. I originally wrote mktemp(1) for the OpenBSD operating system and this version tracks any changes made to the mktemp(1) included with OpenBSD. Subsequently, many of the major Linux distributions started to include it in their distributions. I strongly encourage other OS vendors to either include mktemp(1) or something like it with their base OS. Where to get it =============== The latest version of mktemp may always be gotten via anonymous ftp from ftp.mktemp.org in the directory /pub/mktemp/. You can also find it on the web at http://www.mktemp.org/dist/. Copyright ========= Mktemp is distributed under a BSD-style license. Please refer to the `LICENSE' file included with the release for details. If you are an OS vendor who would like to bundle mktemp(1) but its license is unacceptable to you, please contact me--we can probably work something out. Web page ======== There is a mktemp `home page' at http://www.mktemp.org/ that contains on-line documentation and other information. Mailing lists ============= The mktemp-announce mailing list receives new release announcements and information about mktemp-related security issues. To subscribe, please visit the following web page: http://www.mktemp.org/mailman/listinfo/mktemp-announce Bug reports =========== If you find a bug in mktemp, please use the bug database on the web at http://www.mktemp.org/bugs/. ======================================================================== * LICENSE ======================================================================== Mktemp is distributed under the following BSD-style license: Copyright (c) 1996, 2000, 2001 Todd C. Miller All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission from the author. THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. Additionally, priv_mktemp.c bears the following UCB license: Copyright (c) 1987, 1993 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.