Symbolic Link Exploit with Temporary Files Created in Shell Scripts


Many coders do not think that creating temporary files in a secure way is important, especially in shell scripts. It’s just a temporary file, they might say. But a simple symbolic link exploit could make the whole system unusable.

Let’s take a look at how this exploit works. Within shell scripts, temporary files are most often created as follows.

command /path/to/file > /tmp/tempfile

An attacker who knows the name of the temporary file could create a symbolic link with that name that points to a system file. For example, create a symbolic link /tmp/tempfile that points to /bin/bash.

# ls -l /tmp
lrwxrwxrwx  1 ibrahim users     6 Jan 22 22:55 tempfile -> /bin/bash

Now, if the script is run again (assuming it runs with root privileges), the output redirection follows the symbolic link and /bin/bash gets overwritten, making the system unusable.
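
The fixed-name redirection above, next to two safer ways of creating the file, as an added example that is not part of the original post. The function names, the sandbox directory and the "victim" file are hypothetical stand-ins constructed for the demonstration; nothing outside the sandbox is touched.

```shell
#!/bin/sh
# Added example. Everything runs inside a private sandbox directory;
# "victim" is a constructed stand-in for the system file in the article.

# Pattern from the article: fixed name, plain '>' follows an existing symlink.
write_unsafe() {            # $1 = predictable temp path
    echo "scratch data" > "$1"
}

# noclobber (set -C): '>' fails instead of truncating an existing regular
# file, including one reached through a symlink.
write_noclobber() {         # $1 = predictable temp path
    ( set -C; echo "scratch data" > "$1" ) 2>/dev/null
}

# mktemp: unpredictable suffix, created exclusively with mode 0600, so a
# link planted at the predictable name is never opened.
write_mktemp() {            # $1 = path prefix; prints the file it created
    tmp=$(mktemp "$1.XXXXXX") || return 1
    echo "scratch data" > "$tmp"
    printf '%s\n' "$tmp"
}

# Plant a symlink at the predictable name, run one writer against it, and
# print what the victim file contains afterwards.
victim_after() {            # $1 = name of a writer function above
    sandbox=$(mktemp -d "${TMPDIR:-/tmp}/symlink-demo.XXXXXX") || return 1
    echo "important" > "$sandbox/victim"
    ln -s "$sandbox/victim" "$sandbox/tempfile"
    "$1" "$sandbox/tempfile" >/dev/null 2>&1 || true
    cat "$sandbox/victim"
    rm -rf "$sandbox"
}

for writer in write_unsafe write_noclobber write_mktemp; do
    printf '%-16s victim contains: %s\n' "$writer" "$(victim_after "$writer")"
done
```

In a real script, pair the mktemp call with `trap 'rm -f "$tmp"' EXIT` so the file is removed when the script exits.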
