This is the mail archive of the newlib@sourceware.org mailing list for the newlib project.
Re: [PATCH] Warn when using mktemp
On Mar 13 14:27, Brooks Moses wrote:
> Corinna Vinschen wrote, at 3/13/2009 1:49 PM:
> > +NOTES
> > +Never use <<mktemp>>. The generated filenames are easy to guess and
> > +there's a race between the test if the file exists and the creation
> > +of the file. In combination this makes <<mktemp>> prone to attacks
> > +and using it is a security risk. Whenever possible use <<mkstemp>>
> > +instead. It doesn't suffer the race condition.
> > +
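Review bot: the last two sentences of the added NOTES text ("Whenever possible use <<mkstemp>> instead. It doesn't suffer the race condition.") recommend the replacement without saying why it is safe. Consider adding that <<mkstemp>> creates and opens the file in a single step and returns the open descriptor, so there is no window between the existence test and the creation. Wording nits in the same paragraph: "the test if the file exists" reads better as "the test whether the file exists", and "suffer the race condition" should be "suffer from the race condition".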
>
> I find "race" a bit misleading [...]
The word "race" is used in all man pages I saw. I just tried to find
my own text so as not to copy a foreign man page.
Corinna
--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat