I have just compiled the latest release of Samba, subsequent to a 
security alert, and attempted to get rid of all warnings generated 
during the compilation stage.

Some of the NetBSD 1.3 specific fixes (small as they are, they are 
particularly annoying) I'll feed back to the samba-bugs mailing list, 
but the "ld" generated complaints about mktemp() merit some attention.

The first issue I stumbled on was the different open() modes implied by 
mkstemp(), compared to what Samba requires.  As there is no visible 
means (am I missing something?) to change a file descriptor's mode from 
O_RDWR to O_WRONLY, Samba's requirements are not being met.  The actual 
permissions, 0600, are quite understandable, but the mkstemp() 
interface ought to have allowed for file modes as a separate parameter.

Is it too late now to change or supplement this?

Secondly, there are instances where mktemp() is perfectly adequate to 
its task, as opening the actual file may not be immediately desired.  
Of three instances of mktemp() usage in the Samba suite, two seem to be 
of this nature - I am speaking under correction, I may have missed 
something.

Seems to me that raising the alarm is a very good idea, while at the 
same time it would be nice to suppress the alarm when it is deemed 
inappropriate.  Is this at all possible?

Regards, all.
-- 
Lucio de Re (lucio@proxima.alt.za)
Disclaimer: I'm working at getting my opinions to agree with me.