The following reply was made to PR xsrc/32805; it has been noted by GNATS.

From: christos@zoulas.com (Christos Zoulas)
To: "Jeremy C. Reed" <reed@reedmedia.net>, gnats-bugs@netbsd.org
Cc: 
Subject: Re: PR/32805 CVS commit: xsrc/xfree/xc/programs/xdm/config
Date: Mon, 13 Feb 2006 12:58:54 -0500

 On Feb 13,  9:48am, reed@reedmedia.net ("Jeremy C. Reed") wrote:
 -- Subject: Re: PR/32805 CVS commit: xsrc/xfree/xc/programs/xdm/config
 
 | On Sun, 12 Feb 2006, Christos Zoulas wrote:
 | 
 | >  PR/32805: Steven M. Bellovin: There's a /tmp file creation race condition in
 | >  Xsession; use mktemp as suggested in the PR.
 | 
 | I am curious: why use the ".XXXXXX" template and then mv into place? (Why 
 | not just mktemp "$errfile"?)
 
 I don't want just to open the "known" filename with exclusive
 permissions.  I want to get a new file, point the error stream to
 that, and then if possible move it to the "known" filename. I am
 trying to avoid the overwrite a random file through symlink attack;
 the mv will overwrite the symlink with my newly created file if
 successful.
 
 christos