[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: patch-2.5.4: Use of mktemp?
From: |
Karl Berry |
Subject: |
Re: patch-2.5.4: Use of mktemp? |
Date: |
Sun, 6 Apr 2003 14:41:30 -0400 |
Care to give a reason why it should be changed (other than "GCC says
so" :)?
I find the warning from ld onerous and inappropriate also, but ...
from mktemp(3) (on my red hat 8.0 system):
Never use mktemp(). Some implementations follow BSD 4.3 and replace
XXXXXX by the current process id and a single letter, so that at most
26 different names can be returned. Since on the one hand the names
are easy to guess, and on the other hand there is a race between test-
ing whether the name exists and opening the file, every use of mktemp()
is a security risk. The race is avoided by mkstemp(3).