Re: patch-2.5.4: Use of mktemp?

bug-gnu-utils

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: patch-2.5.4: Use of mktemp?

From:	Karl Berry
Subject:	Re: patch-2.5.4: Use of mktemp?
Date:	Sun, 6 Apr 2003 14:41:30 -0400

    Care to give a reason why it should be changed (other than "GCC says
    so" :)?

I find the warning from ld onerous and inappropriate also, but ...
from mktemp(3) (on my red hat 8.0 system):

       Never use mktemp(). Some implementations follow BSD 4.3 and replace
       XXXXXX by the current process id and a single letter, so that at most
       26 different names can be returned. Since on the one hand the names
       are easy to guess, and on the other hand there is a race between test-
       ing whether the name exists and opening the file, every use of mktemp()
       is a security risk. The race is avoided by mkstemp(3).

[Prev in Thread]

Current Thread

[Next in Thread]

patch-2.5.4: Use of mktemp?, Petri Koistinen, 2003/04/06
- Re: patch-2.5.4: Use of mktemp?, Alfred M. Szmidt, 2003/04/06
- Re: patch-2.5.4: Use of mktemp?, Paul Eggert, 2003/04/06
- Re: patch-2.5.4: Use of mktemp?, Karl Berry <=

Prev by Date: time.texi @dircategory
Next by Date: Re: patch-2.5.4: Use of mktemp?
Previous by thread: Re: patch-2.5.4: Use of mktemp?
Next by thread: time.texi @dircategory
Index(es):
- Date
- Thread