source-changes: re: CVS commit: src/usr.sbin/lpr/lpd

Subject: re: CVS commit: src/usr.sbin/lpr/lpd
To: Jaromir Dolecek <jdolecek@NetBSD.org>
From: matthew green <mrg@eterna.com.au>
List: source-changes
Date: 11/28/2005 08:38:28

   On Mon, Nov 28, 2005 at 08:27:31AM +1100, matthew green wrote:
   >    
   >    Log Message:
   >    the mktemp() use here is not OK, adjust comment
   > 
   > 
   > how is it not safe?

   There is a race between mktemp() call and actually creating the
   temporaty file, isn't there? Both mktemp() usages are quite easily
   convertible to mkstemp(), BTW.

what race?  the file is created in a protected directory.

mkstemp() is probably the right answer, but this code isn't currently
unsafe as far as i can tell.

.mrg.