> I raised the severity to critical as a lot of shell scripts > in Debian rely on this data being random.
Why is that important? The purpose of mktemp is to return a unique filename and to actually create the file. Can you describe an attack based on the non-randomness of the filename? Sven -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]