Is this warning:

htpasswd.o: In function `main':
/x1/home/chuck/httpd-2.0-nightly/support/htpasswd.c(.text+0xa84): warning: tmpnam() possibly used unsafely; consider using mkstemp()


1) the sort of thing to involve apr in, or

2) should I just open()/close() the file before it really gets fopen()ed thus:

if((tmp_fd = open(tmp_name, O_RDWR|O_CREAT|O_EXCL, 0600)) < 0)
{
     fprintf(stderr, "tmpfile create failure!\n");
     exit(-1);
}
close(tmp_fd);

which still leaves a narrow timing window of attack but is easily portable AFAICS.

3) or just rewrite the thing using open()?

It doesn't seem that big a deal to us so I'd opt for 2) which is at least a bit tighter.

Thanks,
Chuck
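
An added example, not part of the original message or of httpd's htpasswd.c: the window mentioned under 2) goes away if the descriptor from the exclusive create is kept and the stream is built on it with fdopen(), so the path is never opened a second time. The function names, the /tmp/htpw_demo template and the sample line are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Wrap an already-open descriptor in a stdio stream. On failure, close the
 * descriptor and remove the file so nothing is leaked. */
static FILE *wrap_fd(int fd, const char *path)
{
    FILE *fp = fdopen(fd, "w+");
    if (fp == NULL) {
        close(fd);
        unlink(path);
    }
    return fp;
}

/* mkstemp() picks the name and opens it with O_CREAT|O_EXCL, mode 0600, in
 * one step. tmpl must be writable and end in "XXXXXX". The descriptor is
 * never closed and the name never reopened, so there is no gap between
 * creation and use. Returns NULL on failure. */
FILE *open_tmp_stream(char *tmpl)
{
    int fd = mkstemp(tmpl);
    return fd < 0 ? NULL : wrap_fd(fd, tmpl);
}

/* Same for a caller-chosen name: O_EXCL refuses an existing file or symlink,
 * and the stream is built on that descriptor instead of fopen()ing the path. */
FILE *create_excl_stream(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? NULL : wrap_fd(fd, path);
}

int main(void)
{
    char tmpl[] = "/tmp/htpw_demo.XXXXXX";   /* constructed sample name */
    FILE *fp = open_tmp_stream(tmpl);
    if (fp == NULL) { perror("mkstemp"); return EXIT_FAILURE; }
    fprintf(fp, "user:hash\n");               /* constructed sample line */
    if (create_excl_stream(tmpl) == NULL)     /* name exists: must be refused */
        printf("second create of %s refused: %s\n", tmpl, strerror(errno));
    fclose(fp);
    unlink(tmpl);
    return EXIT_SUCCESS;
}
```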


