---
title: Using /tmp/ And /var/tmp/ Safely
+category: Interfaces
+layout: default
---
# Using `/tmp/` And `/var/tmp/` Safely
or worse: if some software creates a file or directory `/tmp/foo` then any
other software that wants to create the same file or directory `/tmp/foo`
either will fail (as the file already exists) or might be tricked into using
-untrusted files. Hence: do note use guessable names in `/tmp/` or `/var/tmp/` —
+untrusted files. Hence: do not use guessable names in `/tmp/` or `/var/tmp/` —
if you do you open yourself up to a local DoS exploit or worse. (You can get
away with using guessable names, if you pre-create subdirectories below `/tmp/`
for them, like X11 does with `/tmp/.X11-unix/` through `tmpfiles.d/`
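Review bot: The context line right after the corrected one still reads "if you do you open yourself up to a local DoS exploit or worse", which is hard to parse without a comma after "if you do". Since this patch already touches that sentence, consider fixing it in the same change. The correction itself ("do note use" to "do not use") is right.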
in these directories when they are no longer needed, in particular when the
program dies unexpectedly. Note: this strategy is only really suitable for
packages that operate in a "system wide singleton" fashion with "long"
- persistance of its data or state, i.e. as opposed to programs that run in
+ persistence of its data or state, i.e. as opposed to programs that run in
multiple parallel or short-living instances. This is because a private
directory under `/run` (and the other mentioned directories) is itself
system and package specific singleton with greater longevity.
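Review bot: The trailing context of this hunk, "is itself system and package specific singleton with greater longevity", is missing an article and should read "is itself a system and package specific singleton". On the changed line, "its data or state" refers back to the plural "packages", so "their data or state" would agree. Both sit in the paragraph this spelling fix touches and could go in the same patch.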