Subject: Re: Per-user temp storage
To: None <tech-security@NetBSD.ORG>
From: Luke Mewburn <lukem@connect.com.au>
List: tech-security
Date: 02/25/1997 00:58:13
[redirected to tech-security - that's what it's for]

David Brownlee writes:
> On Mon, 24 Feb 1997, Frank van der Linden wrote:
> > I don't think modifying a filesystem in this way is a good idea at all;
> > it's something that should not be in the kernel. As soon as you start
> > plugging holes by modifying the kernel, while there is a good userspace
> > solution possible (i.e. mkstemp(3)), then you're on the wrong track.
> > 
> 	It would help if at least source in the tree used mkstemp() rather
> 	than mktemp(), tmpnam(), tempnam(). 
> 
> 	Maybe add a warning for the above functions in a similar fashion
> 	to 'gets()' - I believe OpenBSD did something like that a while
> 	back.

I've been hacking at this in a private tree. There's some stuff that
can stay with mktemp() (because they open a unix domain socket not a
file, or it's difficult to quickly rectify). However, stuff like lpd
(which is setuid, therefore a good choice to fix) can be changed
rather easily.

Unless I hear some major screams, I'll commit the warn_refs mod
for mktemp(), tempnam() and tmpnam().
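
Added example, not part of the original message or of the NetBSD tree: the mktemp()-to-mkstemp() conversion discussed above, shown in C. The function names and the /tmp/spool.XXXXXX template are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a temp file from a template ending in XXXXXX (hypothetical helper).
 * mkstemp() picks the name and opens it in one step with O_CREAT|O_EXCL,
 * so a name that already exists (file or symlink) is never reused.
 * Returns an open fd with the final name left in tmpl, or -1. */
int make_private_temp(char *tmpl)
{
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd == -1)
        return -1;
    /* Verify what we hold: a regular file with no group/other access. */
    if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode) ||
        (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return fd;
}

/* For code that must keep a caller-chosen name (hypothetical helper):
 * O_EXCL makes open() fail with EEXIST instead of following or
 * truncating whatever is already at that path. */
int create_exclusive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

int main(void)
{
    char tmpl[] = "/tmp/spool.XXXXXX";  /* constructed sample template */
    int fd = make_private_temp(tmpl);
    if (fd == -1) { perror("mkstemp"); return 1; }
    int again = create_exclusive(tmpl); /* name exists now: must be refused */
    printf("%s: second create: %s\n", tmpl,
           again == -1 ? strerror(errno) : "opened");
    if (again != -1) close(again);
    close(fd);
    unlink(tmpl);
    return 0;
}
```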