[src/trunk]: src/usr.bin/mktemp Reorganise, consolidate duplicated informatio...

[apb <apb%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/7c3ead1baef1
branches:  trunk
changeset: 782474:7c3ead1baef1
user:      apb <apb%NetBSD.org@localhost>
date:      Sun Nov 04 10:10:03 2012 +0000

description:
Reorganise, consolidate duplicated information, clarify wording,
attempt to make the man page match the actual behaviour.

diffstat:

 usr.bin/mktemp/mktemp.1 |  216 ++++++++++++++++++++++++++++-------------------
 1 files changed, 129 insertions(+), 87 deletions(-)

diffs (268 lines):

diff -r 89dc3b8c07a7 -r 7c3ead1baef1 usr.bin/mktemp/mktemp.1
--- a/usr.bin/mktemp/mktemp.1   Sun Nov 04 00:32:47 2012 +0000
+++ b/usr.bin/mktemp/mktemp.1   Sun Nov 04 10:10:03 2012 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: mktemp.1,v 1.20 2012/11/03 13:34:08 christos Exp $
+.\" $NetBSD: mktemp.1,v 1.21 2012/11/04 10:10:03 apb Exp $
 .\" From: $FreeBSD: src/usr.bin/mktemp/mktemp.1,v 1.5 1999/08/28 01:04:13 peter Exp $
 .\" From: $OpenBSD: mktemp.1,v 1.8 1998/03/19 06:13:37 millert Exp $
 .\"
@@ -31,7 +31,7 @@
 .\"
 .\" $FreeBSD: src/usr.bin/mktemp/mktemp.1,v 1.5 1999/08/28 01:04:13 peter Exp $
 .\"
-.Dd August 15, 2009
+.Dd November 4, 2012
 .Dt MKTEMP 1
 .Os
 .Sh NAME
@@ -49,115 +49,131 @@
 .Sh DESCRIPTION
 The
 .Nm
-utility takes each of the given file name templates and overwrites a
-portion of it to create a file name.
-This file name is unique and suitable for use by the application.
-The template may be any file name with some number of
-.Ql X Ns s
-appended to it, for example
-.Pa /tmp/temp.XXXX .
+utility
+is provided to allow shell scripts to safely use temporary files.
+It creates temporary files or directories using unique names,
+and prints the names.
+.Pp
+The name of each temporary file or directory is derived from a
+template that includes several trailing
+.Ql X
+characters, such as
+.Pa /tmp/prefix.XXXX .
 The trailing
-.Ql X Ns s
-are replaced with the current process number and/or a
-unique letter combination.
+.Ql X
+characters in the template are replaced by unique values derived from
+the current process number and additional letters or numbers.
+Any
+.Ql X
+characters other than at the end of the template are taken literally.
 The number of unique file names
 .Nm
-can return depends on the number of
+can return depends on the number of trailing
 .Ql X Ns s
-provided; six
+in the template; six
 .Ql X Ns s
 will result in
 .Nm
 testing roughly 26 ** 6 combinations.
 .Pp
+The templates used to create the unique names are derived from the
+.Fl t Ar prefix
+option, or the
+.Ar template
+arguments, possibly modified by other options.
+Any number of temporary files or directories may be created
+in a single invocation using multiple
+.Ar template
+arguments.
+It is possible to specify both a
+.Fl t Ar prefix
+option and one or more
+.Ar template
+arguments,
+but this is not usually done.
+.Pp
+If neither a
+.Fl t Ar prefix
+option, nor any
+.Ar template
+arguments are specified, then the default is equivalent to
+.Fl t Li mktemp .
+.Pp
 If
 .Nm
 can successfully generate a unique file name, the file
 is created with mode 0600 (unless the
 .Fl u
 flag is given) and the filename is printed to standard output.
-.Pp
-If the
-.Fl t Ar prefix
-option is given,
-.Nm
-will generate a template string based on the
-.Ar prefix
-and the
-.Ev TMPDIR
-environment variable, if set.
-The default location if
-.Ev TMPDIR
-is not set is
-.Pa /tmp .
-The default location of the temporary directory can be overridden with the
-.Fl p Ar tmpdir
-option.
-The template string created will consist of the
-.Ar prefix
-followed by a
-.So . Sc
-and an eight character unique letter combination.
-.Ql X Ns s
-in the
-.Ar prefix
-string will be treated as literal.
-If an additional
-.Ar template
-argument is passed, a second file will be created.
-Care should be taken to ensure that it is appropriate to use an
-environment variable potentially supplied by the user.
-.Pp
-Any number of temporary files may be created in a single invocation
-using multiple
-.Ar template
-arguments, also a single one based on the internal template with the
-.Fl t
-option value as filename prefix.
-.Pp
-If no arguments are passed or if only the
-.Fl d
-flag is passed
-.Nm behaves as if
-.Fl t Li tmp
-was supplied.
-.Pp
-.Nm
-is provided to allow shell scripts to safely use temporary files.
-Traditionally, many shell scripts take the name of the program with
-the pid as a suffix and use that as a temporary file name.
-This kind of naming scheme is predictable and the race condition
-it creates is easy for an attacker to win.
-A safer, though still inferior, approach
-is to make a temporary directory using the same naming scheme.
-While this does allow one to guarantee that a temporary file will
-not be subverted, it still allows a simple denial of service attack.
-For these reasons it is suggested that
-.Nm
-be used instead.
 .Sh OPTIONS
 The available options are as follows:
 .Bl -tag -width indent
 .It Fl d
 Make a directory instead of a file.
+.It Fl p Ar tmpdir
+Specifies a directory in which temporary files should be created.
+If this option is specified, then it applies to all temporary files,
+including those created as a result of a
+.Fl t Ar prefix
+option, and those created as a result of a
+.Ar template
+argument.
+.Pp
+If the
+.Fl p Ar tmpdir
+option is not specified, then
+temporary files created as a result of a
+.Fl t Ar prefix
+option will use a default temporary directory
+(as described under the
+.Fl t
+option),
+but temporary files created as a result of a
+.Ar template
+argument will not use a default temporary directory
+(so they will be created relative to the current working directory, if the
+.Ar template
+does not begin with
+.Ql \&/ ) .
+.It Fl t Ar prefix
+Generate a template using an appropriate directory name, followed by the
+supplied
+.Ar prefix ,
+followed by
+.Ql \&.XXXXXXXX .
+Any
+.Ql X
+characters in the supplied
+.Ar prefix
+are taken literally, but the trailing
+.Ql X
+characters in the appended
+.Ql \&.XXXXXXXX
+are replaced by unique values.
+.Pp
+The directory name used for the template generated by the
+.Fl t Ar prefix
+option is taken from the
+.Fl p Ar tmpdir
+option, or from the
+.Ev TMPDIR
+environment variable, or
+.Pa /tmp
+as a default.
+.Pp
+If one or more
+.Ar template
+arguments are used in addition to the
+.Fl t Ar prefix
+option, then the
+.Ar prefix
+does not apply to the
+.Ar template
+arguments.
 .It Fl q
 Fail silently if an error occurs.
 This is useful if
 a script does not want error output to go to standard error.
-.It Fl t Ar prefix
-Generate a template (using the supplied
-.Ar prefix
-and
-.Ev TMPDIR
-if set) to create a filename template.
-If
-.Fl t Ar prefix
-and
-.Ar template
-are both given,
-.Ar prefix
-will not apply to
-.Ar template .
 .It Fl u
 Operate in
 .Dq unsafe
@@ -170,6 +186,32 @@
 but still introduces a race condition.
 Use of this option is not encouraged.
 .El
+.Sh NOTES
+.Nm
+takes care to create the files or directories in a way that is
+safe from race conditions (provided the
+.Fl u
+option is not used).
+.Pp
+Traditionally, without
+.Nm ,
+many shell scripts created temporary files
+using the name of the program with
+the pid as a suffix.
+This kind of naming scheme is predictable and creates a race condition that
+allows an attacker to subvert the program by
+creating a different file, directory, or symbolic link
+under the same name.
+A safer, though still inferior, approach
+is to make a temporary directory using the same naming schem
+While this does allow one to guarantee that a temporary file will
+not be subverted, it still allows a simple denial of service attack.
+For these reasons it is recommended that
+.Nm
+should be used instead of simpler schemes.
+.Pp
+Care should be taken to ensure that it is appropriate to use an
+environment variable potentially supplied by the user.
 .Sh EXIT STATUS
 The
 .Nm