* libc/include/stdio.h (_mkstemp_r, _mktemp_r): Move declarations

	to stdlib.h.
	* libc/include/stdlib.h (mktemp, _mktemp_r): Warn when using.
	* libc/stdio/mktemp.c: Explain the security risk when using
	mktemp.

1 files changed, 7 insertions, 0 deletions

diff --git a/newlib/libc/stdio/mktemp.c b/newlib/libc/stdio/mktemp.c
index e00228e15..c4347cd05 100644
--- a/newlib/libc/stdio/mktemp.c
+++ b/newlib/libc/stdio/mktemp.c
@@ -85,6 +85,13 @@ unless it could not generate an unused filename, or the pattern you
 provided is not suitable for a filename; in that case, it returns
 <<-1>>.
 
+NOTES
+Never use <<mktemp>>.  The generated filenames are easy to guess and
+there's a race between the test if the file exists and the creation
+of the file.  In combination this makes <<mktemp>> prone to attacks
+and using it is a security risk.  Whenever possible use <<mkstemp>>
+instead.  It doesn't suffer the race condition.
+
 PORTABILITY
 ANSI C does not require either <<mktemp>> or <<mkstemp>>; the System
 V Interface Definition requires <<mktemp>> as of Issue 2.