On Fri, Jan 07, 2011 at 01:03:19PM -0700, Theo de Raadt wrote: > > Well, I'm less worried about security and also about the fact mktemp is > > deprecated so I don't think adding new uses of it is not ideal. > > mktemp(3) is not deprecated. > > It continues to be safe to use for directory creation or other > atomic file creations (success or failure; the other party opening > it is subject to a race as long as it waits to know that the parent > (nc) says it has in fact created it successfully). It is possible > to loop. > > Go through our source tree. There are things calling mktemp(3) on > purpose -- in places where mkstemp(3) cannot be used.
Fair enough. The man page seems a bit over strong, how about this? Index: mktemp.3 =================================================================== RCS file: /cvs/src/lib/libc/stdio/mktemp.3,v retrieving revision 1.45 diff -u -p -r1.45 mktemp.3 --- mktemp.3 27 Dec 2010 21:18:44 -0000 1.45 +++ mktemp.3 7 Jan 2011 20:23:00 -0000 @@ -72,12 +72,12 @@ does not actually create the temporary f opportunity during which another process can open the file instead. Because of this race condition, .Fn mktemp -should not be used in new code. +should not be used where +.Fn mkstemp +can be used instead. .Fn mktemp was marked as a legacy interface in -.St -p1003.1-2001 -and may be removed in a future release of -.Ox . +.St -p1003.1-2001 . .Pp The .Fn mkstemp