> Just started installing qc-- on Debian testing, first compiling mk. > It gives me the warning, > > /farhome/hendrik/dv/lang/c--/qc--20080912/mk/src/Posix.c:284: warning: > the use of `tmpnam' is dangerous, better use `mkstemp' > > Is this something to worry about?
No. You can see the vulnerability at http://tinyurl.com/9rbj3b It's not our code, but tmpnam is probably there because it's *portable*. > If tmpnam is *reallt* dangerous, maybe the source needs changing? If it comforts you, the warning is in the code for the build system ('mk') not for QC-- itself. So at least running the C-- compiler is safe. > I'm actually surprised that cc knows this much about its libraries. Later versions of gcc really control the vertical and the horizontal. For example, you cannot write a version of 'strlen' to be used instead of what the compiler prefers. (Or at least I have not found the right combination of command-line options to permit it.) Norman _______________________________________________ Cminusminus mailing list [email protected] https://cminusminus.org/mailman/listinfo/cminusminus
