Security aware programming(13)

• Temporary files:

• open(TMP, "> /tmp/foo.$$"); # bad

• sysopen(TMP, "/tmp/foo.$$",

• O_RDWR|O_CREAT|O_EXCL, 0600); # better

• File::MkTemp: has some problems

• File::Temp (5.6.1) is much better

• File::Temp->safe_level(File::Temp::HIGH);

• ($fh, $fname) = mkstemp("/tmp/name.XXXXXX");

• unlink0($fh, $fname); # unlink in a safe manner

• File::Temp should be generalized: File::SafeOpen