From 71675a3908d8bf650dce62d174d33391dbaafd2d Mon Sep 17 00:00:00 2001 From: Corinna Vinschen Date: Sat, 14 Mar 2009 12:14:08 +0000 Subject: * libc/include/stdio.h (_mkstemp_r, _mktemp_r): Move declarations to stdlib.h. * libc/include/stdlib.h (mktemp, _mktemp_r): Warn when using. * libc/stdio/mktemp.c: Explain the security risk when using mktemp. --- newlib/libc/stdio/mktemp.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'newlib/libc/stdio/mktemp.c') diff --git a/newlib/libc/stdio/mktemp.c b/newlib/libc/stdio/mktemp.c index e00228e15..c4347cd05 100644 --- a/newlib/libc/stdio/mktemp.c +++ b/newlib/libc/stdio/mktemp.c @@ -85,6 +85,13 @@ unless it could not generate an unused filename, or the pattern you provided is not suitable for a filename; in that case, it returns <<-1>>. +NOTES +Never use <>. The generated filenames are easy to guess and +there's a race between the test if the file exists and the creation +of the file. In combination this makes <> prone to attacks +and using it is a security risk. Whenever possible use <> +instead. It doesn't suffer the race condition. + PORTABILITY ANSI C does not require either <> or <>; the System V Interface Definition requires <> as of Issue 2. -- cgit v1.2.3
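Review bot: The new NOTES paragraph tells readers to prefer mkstemp but does not say why it is safe, and the first sentence ("The generated filenames are easy to guess") reads as if it applied to the replacement as well; suggest adding one sentence stating that mkstemp creates and opens the file itself (an exclusive create, so a pre-existing file or symlink at a guessed name makes the call fail instead of being reused) and returns the open descriptor, which is what removes the check-then-create window. Also, the `<<...>>` name markup that the file uses elsewhere (see the `<<-1>>` in the context lines) renders empty in this hunk ("Never use <>.", "Whenever possible use <> instead."), so please confirm the mktemp and mkstemp names survived in the source. Two wording nits: "the test if the file exists" should read "the test whether the file exists", and "It doesn't suffer the race condition" should read "It does not suffer from this race".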