https://sourceware.org/bugzilla/show_bug.cgi?id=30969
--- Comment #2 from Sterpu Mihai <sterpumihai at gmail dot com> --- Hi Sam, The issue is that, from what I see, we now have 2 different implementations. This isn't an easy out of sync case. One might even argue that glibc's implementation is the "outdated" one as it leaks ASLR information via the temporary file names. The gnulib commit in cause, 9ce573cde017182a69881241e8565ec04e5bc728, done by Paul Eggert, states that: "While looking into this, I noticed that tempname can leak info derived from ASLR into publicly-visible file names, which is a no-no. Fix that too." Maybe it would be a good idea to involve Paul as well? -- You are receiving this mail because: You are on the CC list for the bug.
