On 2008-08-15 12:13 +0200, Sven Joachim wrote:

> Well, I don't think this is a serious problem, since mktemp will create
> a different file if the one with the pid already exists.  The
> predictability of the file name is not nice, but it is only a security
> problem if you create the file in a world-writable directory that does
> not have the sticky bit set.  And in such directories, you're subject to
> all kinds of race conditions anyway.

However, Nico Golde informed me that mktemp has a `-u' switch which will
unlink the file before mktemp exits.  If you use that, the easy-to-guess
filename becomes a severe problem.

Sven
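
The difference between the two mktemp modes discussed in this message, as an added example that is not part of the original e-mail or of the package under discussion. The function names, the `demo.XXXXXX` template and the private scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed demo: everything happens in a private scratch directory.

# Default mode: mktemp itself creates the file (exclusive create, mode 0600),
# so the path it prints already belongs to the caller.
make_private_file() {
    mktemp "$1/demo.XXXXXX"
}

# -u mode: mktemp unlinks the file before exiting, so only a name comes back
# and nothing holds that path any more.
name_only() {
    mktemp -u "$1/demo.XXXXXX"
}

# If a bare name must be used, create it exclusively. With noclobber (set -C)
# the redirection fails when anything already exists at the path, including
# a symlink, instead of writing through it.
claim_exclusively() {
    ( set -C; umask 077; : > "$1" ) 2>/dev/null
}

demo() {
    scratch=$(mktemp -d) || return 1

    f=$(make_private_file "$scratch") || return 1
    if [ -f "$f" ]; then echo "default mode: file exists on return"; fi

    n=$(name_only "$scratch") || return 1
    if [ ! -e "$n" ]; then echo "-u mode: only a name, no file"; fi

    # Constructed stand-in for another process creating the path first.
    : > "$n"
    if claim_exclusively "$n"; then
        echo "claimed (unexpected)"
    else
        echo "exclusive create refused the pre-existing path"
    fi

    rm -rf "$scratch"
}

demo
```

A plain `> "$n"` redirection without noclobber would have opened the pre-existing path without complaint, which is why the name returned by `-u` has to be unpredictable or not used at all.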

