On Wed, 27 Apr 2005 11:01:45 EDT, "Mike O'Dell" said: > > if i were to hazzard a guess, the reason the code doesn't use > mkstemp() is that [1] the code cited is likely well more than > twice age of mkstemp() [2]and nobody has gone looking for > things to fix that were still (apparently) working. (big grin)
For bonus points, note that even changing it to mkstemp() won't fix all the issues, because what the code currently does is to generate a filename, open it, then leak the file descriptor and pass the filename back for re-opening... So even mkstemp()'s efforts to prevent hijacking fail, because there's still a window between when mkstemp creates the file and when the code re-opens the file instead of using the file descriptor that mk*tmp returned...
pgpIzOhSnKSmq.pgp
Description: PGP signature
_______________________________________________ Nmh-workers mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/nmh-workers
