On 2008-08-15 21:16 +0200, Andrei Popescu wrote: > On Fri,15.Aug.08, 16:05:13, Sven Joachim wrote: >> However, Nico Golde informed me that mktemp has a `-u' switch which will >> unlink the file before mktemp exits. If you use that, the easy-to-guess >> filename becomes a severe problem. > > I must be dense, could you please elaborate on how this can be a > problem?
It opens precisely the can of worms that mktemp was supposed to close, see the mktemp(1) and mktemp(3) manpages. Look for "symlink attack" in your preferred Web search engine. Sven -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
