Hello,

This is an excerpt from the Linux man page for mktemp command:
"mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition it creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."

- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?

Thanks for your answer,
best regards,
Hari

As I understand it, this is a matter of an attacker being able to guess the filename (or directory name) you wish to create and thereby block it by creating it first. I am sure you can come up with complicated scenarios about how this might happen and whether (under what circumstances) it is a problem. But mktemp is trying to bypass all of that by making it extremely unlikely that an attacker could guess the name. There are probably circumstances where this is relatively unimportant while there are other circumstances where it wold be crucial. But with such a tool as mktemp available, why would you want to not use it?