peter wrote:
use mkstemp() but still allow the rest of the code to reopen
the temporary file by name, you've shut the linker up but
not completely closed the security hole. See
http://www.mail-archive.com/nmh-workers(_at_)nongnu(_dot_)org/msg01380.html
huh. i was just about to suggest that. replacing mktemp with a
version that uses a user-only directory (and the routine could
check the permissions) seems like the best solution. or, such a
directory could be created in /tmp when the command starts -- but
cleanup might be more of an issue in that case.
paul
=---------------------
paul fox, pgf(_at_)foxharp(_dot_)boston(_dot_)ma(_dot_)us (arlington, ma,
where it's 30.6 degrees)
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
http://lists.nongnu.org/mailman/listinfo/nmh-workers