peter wrote: > use mkstemp() but still allow the rest of the code to reopen > the temporary file by name, you've shut the linker up but > not completely closed the security hole. See > http://www.mail-archive.com/[email protected]/msg01380.html
huh. i was just about to suggest that. replacing mktemp with a version that uses a user-only directory (and the routine could check the permissions) seems like the best solution. or, such a directory could be created in /tmp when the command starts -- but cleanup might be more of an issue in that case. paul =--------------------- paul fox, [email protected] (arlington, ma, where it's 30.6 degrees) _______________________________________________ Nmh-workers mailing list [email protected] http://lists.nongnu.org/mailman/listinfo/nmh-workers
