Many coders do not think that creating temporary files in a secure way is important, especially in shell scripts. It’s just a temporary file, they might say. But a simple symbolic link exploit could make the whole system unusable.
Let’s take a look at how this exploit works. Most often temporary files are created as follows within shell scripts.
command /path/to/file > /tmp/tempfile
An attacker, who knows the name of the temporary file, could just create a symbolic link of that file to a system file. For example, create a symbolic link /tmp/tempfile that points to /bin/bash.
# ls -l /tmp lrwxrwxrwx 1 ibrahim users 6 Jan 22 22:55 tempfile -> /bin/bash
Now, if the script is run again (assuming with root privileges), the /bin/bash shell will get overwritten, making the system unusable.