Re: [Nmh-workers] Diffs for replacing mktemp() usage

[Peter Maydell]

Earl Hood wrote:
>The goal was to minimize the amount of re-coding, so the new functions
>attempt to provide the basic capabilities of the older functions,
>but using mkstemp() under the hood vs mktemp().  It seems the much
>code has a heavy reliance on being able to access the actual pathnames
>of temporary files vs just having an open handle to it.

Yes, this is why it's difficult to fix :-). Unfortunately, if you
use mkstemp() but still allow the rest of the code to reopen
the temporary file by name, you've shut the linker up but
not completely closed the security hole. See
http://www.mail-archive.com/address@hidden/msg01380.html

So I would vote against (the tempfile related parts of) this patch.

-- PMM