mktemp: go back to using mktemp() for mktemp -u

The -u option to mktemp(1) is inherently unsafe, and the fact it exists
in the first place is probably a mistake.  That said, it exists, and if
we want to support it, we should try to minimize the risk of using it.

The current code attempts to work around a build failure caused by
passing --fatal-warnings to the linker by using mkstemp() and unlinking
the resulting file, which eliminates the need for an attacker to guess
the filename (he can instead watch the temporary file directory using
inotify or some other similar mechanism).  It's better instead to use
mktemp() (which at least forces the attacker to guess what "XXXXXX" was
replaced with) and tell the linker to live with the warning.

Change-Id: I01e0901db39821b7d1ce06145d1199ecd929e689
1 file changed
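
The difference the message describes can be checked on Linux. The following is an added example, not code from this commit or its project: it runs both name-generation approaches in a private scratch directory under an inotify watch and counts the file creations a watcher sees. The function names and the `/tmp/mktemp-demo.XXXXXX` path are assumptions of the example.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* What the message calls the current code: create the file, then unlink it. */
static int name_via_mkstemp(char *tmpl)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    close(fd);
    return unlink(tmpl);
}

/* What the commit goes back to: generate a name, create nothing. */
static int name_via_mktemp(char *tmpl) { return (mktemp(tmpl) && *tmpl) ? 0 : -1; }

/* Run gen() in a fresh, watched private directory; return IN_CREATE count or -1. */
static int creates_seen(int (*gen)(char *))
{
    char dir[] = "/tmp/mktemp-demo.XXXXXX";   /* constructed scratch path */
    char path[PATH_MAX], buf[4096] __attribute__((aligned(8)));
    int seen = -1, ifd;
    if (!mkdtemp(dir)) return -1;
    ifd = inotify_init1(IN_NONBLOCK);
    if (ifd >= 0 && inotify_add_watch(ifd, dir, IN_CREATE) >= 0) {
        snprintf(path, sizeof path, "%s/tmp.XXXXXX", dir);
        if (gen(path) == 0) {
            ssize_t n = read(ifd, buf, sizeof buf);  /* fails with EAGAIN if no events */
            seen = 0;
            for (char *p = buf; n > 0 && p < buf + n; ) {
                struct inotify_event *ev = (struct inotify_event *)p;
                if (ev->mask & IN_CREATE) seen++;    /* event carries the file name */
                p += sizeof *ev + ev->len;
            }
        }
    }
    if (ifd >= 0) close(ifd);
    rmdir(dir);
    return seen;
}

int main(void)
{
    printf("mkstemp+unlink: %d create event(s), mktemp: %d create event(s)\n",
           creates_seen(name_via_mkstemp), creates_seen(name_via_mktemp));
    return 0;
}
```

When linked against glibc, this prints the linker warning about `mktemp` that the message refers to.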