On 2013-04-22 14:00:31 -0500, Derek Martin wrote:
> > Yep, it does what's on the tin and people plain used it wrong,
> > decades of wrong, bad wrong. So it got deprecated and turned into a
> > warn to wake people up :)
>
> The problem with deprecating mktemp() is that it serves a perfectly
> valid and useful function, which in and of itself is not insecure.

It seems that the problem is not the function (API) itself,
but broken implementations (due to the original 4.3BSD one):
the mktemp(3) man page under Linux says:

  BUGS
       Never use mktemp(). Some implementations follow 4.3BSD and replace
       XXXXXX by the current process ID and a single letter, so that at
       most 26 different names can be returned. Since on the one hand the
       names are easy to guess, and on the other hand there is a race
       between testing whether the name exists and opening the file, every
       use of mktemp() is a security risk. The race is avoided by
       mkstemp(3).

The existence of broken, insecure implementations due to history
is a good reason to avoid this function.

--
Vincent Lefèvre <[email protected]> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
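
The race described in the quoted man page text, as an added C example that is not part of the original message: it shows what each way of opening a temporary name does once another party has already created that name. The PID-plus-letter generator is a constructed imitation of the 4.3BSD scheme, and the function names and the scratch directory under /tmp are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed imitation of the 4.3BSD scheme: PID plus one letter, so a
 * process can only ever produce 26 easily guessed names. */
static void bsd43_style_name(char *buf, size_t n, const char *dir, char c)
{
    snprintf(buf, n, "%s/tmp%ld%c", dir, (long)getpid(), c);
}

/* Open `path` after another party has created it, i.e. the state a lost
 * race leaves behind. Returns the fd, or -1 with errno set. */
static int open_after_lost_race(const char *path, int extra_flags)
{
    int other = open(path, O_WRONLY | O_CREAT, 0644);  /* the other party */
    if (other < 0) return -1;
    close(other);
    return open(path, O_WRONLY | O_CREAT | extra_flags, 0600);
}

/* Returns 1 if: plain O_CREAT silently reuses the foreign file, O_EXCL
 * fails with EEXIST, and mkstemp() yields a fresh 0600 file. */
int demo_tempfile_race(void)
{
    char dir[] = "/tmp/mktemp-demo-XXXXXX", name[128], tmpl[128];
    struct stat st;
    int ok = 1, fd;
    if (mkdtemp(dir) == NULL)   /* private scratch directory (assumes /tmp) */
        return 0;
    bsd43_style_name(name, sizeof name, dir, 'a');
    fd = open_after_lost_race(name, 0);        /* O_CREAT without O_EXCL */
    ok &= (fd >= 0);                           /* we now hold someone else's file */
    if (fd >= 0) close(fd);
    fd = open_after_lost_race(name, O_EXCL);   /* atomic create-or-fail */
    ok &= (fd < 0 && errno == EEXIST);
    if (fd >= 0) close(fd);
    snprintf(tmpl, sizeof tmpl, "%s/tmpXXXXXX", dir);
    fd = mkstemp(tmpl);                        /* picks the name and creates it in one step */
    ok &= (fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600);
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(name); rmdir(dir);
    return ok;
}

int main(void) { return demo_tempfile_race() ? 0 : 1; }
```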