diff options
author | Michael Biebl <biebl@debian.org> | 2022-06-28 16:05:31 +0200 |
---|---|---|
committer | Michael Biebl <biebl@debian.org> | 2022-06-28 16:05:31 +0200 |
commit | e2285c573565c41a01fc643c3d3bad35376eb41b (patch) | |
tree | 1facfced742b26c1b1c804a6326b6f712b63d185 /docs/TEMPORARY_DIRECTORIES.md | |
parent | 41d6f3bf4d6de680a2d7b735690d655bc2f00944 (diff) | |
download | systemd-e2285c573565c41a01fc643c3d3bad35376eb41b.tar.gz |
Use https for man7.org
Diffstat (limited to 'docs/TEMPORARY_DIRECTORIES.md')
-rw-r--r-- | docs/TEMPORARY_DIRECTORIES.md | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/docs/TEMPORARY_DIRECTORIES.md b/docs/TEMPORARY_DIRECTORIES.md index c703651791..4e815ed4d2 100644 --- a/docs/TEMPORARY_DIRECTORIES.md +++ b/docs/TEMPORARY_DIRECTORIES.md @@ -44,15 +44,15 @@ installation during runtime is permitted.) To protect yourself against these kinds of attacks Linux provides a couple of APIs that help you avoiding guessable names. Specifically: -1. Use [`mkstemp()`](http://man7.org/linux/man-pages/man3/mkstemp.3.html) +1. Use [`mkstemp()`](https://man7.org/linux/man-pages/man3/mkstemp.3.html) (POSIX), `mkostemp()` (glibc), - [`mkdtemp()`](http://man7.org/linux/man-pages/man3/mkdtemp.3.html) (POSIX), - [`tmpfile()`](http://man7.org/linux/man-pages/man3/tmpfile.3.html) (C89) + [`mkdtemp()`](https://man7.org/linux/man-pages/man3/mkdtemp.3.html) (POSIX), + [`tmpfile()`](https://man7.org/linux/man-pages/man3/tmpfile.3.html) (C89) -2. Use [`open()`](http://man7.org/linux/man-pages/man2/open.2.html) with +2. Use [`open()`](https://man7.org/linux/man-pages/man2/open.2.html) with `O_TMPFILE` (Linux) -3. [`memfd_create()`](http://man7.org/linux/man-pages/man2/memfd_create.2.html) +3. [`memfd_create()`](https://man7.org/linux/man-pages/man2/memfd_create.2.html) (Linux; this doesn't bother with `/tmp/` or `/var/tmp/` at all, but uses the same RAM/swap backing as `tmpfs` uses, hence is very similar to `/tmp/` semantics.) @@ -113,7 +113,7 @@ strategies to avoid these issues: 3. 🥇 Operate below a sub-directory of `/tmp/` and `/var/tmp/` you created, and take a BSD file lock ([`flock(dir_fd, - LOCK_SH)`](http://man7.org/linux/man-pages/man2/flock.2.html)) on that + LOCK_SH)`](https://man7.org/linux/man-pages/man2/flock.2.html)) on that sub-directory. This is particularly interesting when operating on more than a single file, or on file nodes that are not plain regular files, for example when extracting a tarball to a temporary directory. The ageing @@ -126,7 +126,7 @@ strategies to avoid these issues: this when decompressing tarballs that contain files with old modification/access times, as extracted files are otherwise immediately candidates for deletion by the ageing algorithm. The - [`flock`](http://man7.org/linux/man-pages/man1/flock.1.html) tool of the + [`flock`](https://man7.org/linux/man-pages/man1/flock.1.html) tool of the `util-linux` packages makes this concept available to shell scripts. Note that `systemd-tmpfiles` only checks for BSD file locks on directories, locks on other types of file nodes (including regular files) are not considered. @@ -217,7 +217,7 @@ packages instead use `/dev/shm/` for temporary files during early boot; this is not advisable however, as it offers no benefits over a private directory in `/run/` as both are backed by the same concept: `tmpfs`. The directory `/dev/shm/` exists to back POSIX shared memory (see -[`shm_open()`](http://man7.org/linux/man-pages/man3/shm_open.3.html) and +[`shm_open()`](https://man7.org/linux/man-pages/man3/shm_open.3.html) and related calls), and not as a place for temporary files. `/dev/shm` is problematic as it is world-writable and there's no automatic clean-up logic in place.) |