explain why mktemp is unsafe

author: deraadt <deraadt@openbsd.org> 1996-08-21 19:03:29 +0000
committer: deraadt <deraadt@openbsd.org> 1996-08-21 19:03:29 +0000
commit: 6668633fff07a8a4a93cbf2bc7c0ac470b3ea7b4 (patch)
tree: e42cb0755b26123f1a1d106eaee03678d227d62e /lib/libc
parent: spit out a warning if /dev/console does not exist; from mouse@Collatz.McRCIM.McGill.EDU (diff)
download: wireguard-openbsd-6668633fff07a8a4a93cbf2bc7c0ac470b3ea7b4.tar.xz
wireguard-openbsd-6668633fff07a8a4a93cbf2bc7c0ac470b3ea7b4.zip
1 files changed, 7 insertions, 1 deletions
diff --git a/lib/libc/stdio/mktemp.3 b/lib/libc/stdio/mktemp.3
index a7fb2809796..14ff1c53424 100644
--- a/lib/libc/stdio/mktemp.3
+++ b/lib/libc/stdio/mktemp.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: mktemp.3,v 1.2 1996/08/19 08:32:55 tholo Exp $
+.\"	$OpenBSD: mktemp.3,v 1.3 1996/08/21 19:03:29 deraadt Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -124,6 +124,12 @@ may also set
 to any value specified by the
 .Xr open 2
 function.
+.Sh BUGS
+An attacker can guess the filenames produced by
+.Fn mktemp .
+Whenever it is possible
+.Fn mkstemp
+should be used instead.
 .Sh SEE ALSO
 .Xr chmod 2 ,
 .Xr getpid 2 ,
author	deraadt <deraadt@openbsd.org>	1996-08-21 19:03:29 +0000
committer	deraadt <deraadt@openbsd.org>	1996-08-21 19:03:29 +0000
commit	6668633fff07a8a4a93cbf2bc7c0ac470b3ea7b4 (patch)
tree	e42cb0755b26123f1a1d106eaee03678d227d62e /lib/libc
parent	spit out a warning if /dev/console does not exist; from mouse@Collatz.McRCIM.McGill.EDU (diff)
download	wireguard-openbsd-6668633fff07a8a4a93cbf2bc7c0ac470b3ea7b4.tar.xz wireguard-openbsd-6668633fff07a8a4a93cbf2bc7c0ac470b3ea7b4.zip