Bugtraq mailing list archives

Re: Insecure use of file in /tmp by trn


From: bluca () COMEDIA IT (Luca Berra)
Date: Mon, 30 Aug 1999 11:42:00 +0200


On Sat, Aug 28, 1999 at 12:44:19AM -0600, Theo de Raadt wrote:
> Funny how the man page does not say that this is derived from OpenBSD.
>
> I'll include the new man page down below to show how we have improved
> both the program and the manual page since.  It's also good for people
> to actually know what the flags mean.

.....

> SYNOPSIS
>      mktemp [-d] [-q] [-u] template
...
> SEE ALSO
>      mkdtemp(3),  mkstemp(3),  mktemp(3)

Dunno about Debian; Red Hat includes the OpenBSD mktemp
with the -d option disabled, since Linux libc5 and GNU
libc2 don't have the mkdtemp() call.
I dunno why, it is trivial.
Besides that, glibc2.0.7 has a buggy mktemp() which returns
a pointer to "\0" instead of NULL when it fails.
Besides that, glibc2.1 changed the mk(s)temp function
so the generated filename no longer uses the pid
name with a unique letter :(, didn't check the source for
the return value.
Older glibc had problems with the permissions of files created with
mkstemp().

For these reasons I wrote a mktemp(1) replacement that does not
call libc; if someone is interested, check
http://www.comedia.it/bluca/mktemp.c

I won't waste bandwidth posting a man page (er, actually I am too lazy
to write one).

regards,
Luca

--
Luca Berra -- bluca () comedia it
    Communications Media & Services S.r.l.
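
The two libc pitfalls listed in the message above (a failure return that is an empty string rather than NULL, and temp files created with loose permissions), handled defensively in C. This is an added example, not part of the original message and not the mktemp.c it links to; `safe_tempfile` and `name_is_valid` are hypothetical names.

```c
#define _XOPEN_SOURCE 700
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Accept a name only if it is neither NULL nor "": callers of
 * mktemp()-style functions must treat both as failure. */
static int name_is_valid(const char *name)
{
    return name != NULL && name[0] != '\0';
}

/*
 * Create a temp file from a writable template ending in "XXXXXX".
 * Returns an open fd (>= 0) or -1; on success tmpl holds the file name.
 */
int safe_tempfile(char *tmpl)
{
    struct stat st;
    mode_t old;
    int fd;

    if (!name_is_valid(tmpl) || strlen(tmpl) < 6)
        return -1;

    old = umask(077);      /* do not rely on libc choosing mode 0600 */
    fd = mkstemp(tmpl);    /* atomic create: O_CREAT|O_EXCL, no race on the name */
    umask(old);
    if (fd < 0)
        return -1;

    /* Verify what was actually created: a regular file, owned by us,
     * with no group or other permission bits set. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}
```
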


