In the last episode (Jul 15), Johan Sundström (Achtung Liebe!) @ Pike (-) developers forum said:
> The system mktemp is atomic, where a pike variant would get races, and thus probably would be susceptible to more attack vectors on it.
There's no such thing as an atomic mktemp(). Use of mktemp() is inherently race-prone, since it simply returns a filename that doesn't exist at the time of the call, and it's up to the application to call open() correctly (i.e. with O_EXCL|O_CREAT to ensure that an attacker's symlink isn't followed), and retry if the open fails. I'd suggest implementing mkstemp() or mkstemps() instead, so you do all the work and return a fd or FILE back to the user.
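The point above in working C, as an added example that is not code from this thread or from Pike: a mkstemp()-style helper that picks a name and creates it in one open() call with O_CREAT|O_EXCL, retrying on EEXIST, shown next to the mktemp()-style open without O_EXCL. A symlink planted at the chosen name stands in for an attacker who won the race. It assumes a POSIX system with /dev/urandom and a writable /tmp (falling back to the current directory); the function names safe_mkstemp, plant_symlink and the three check functions are my own.

```c
#define _GNU_SOURCE 1  /* mkdtemp, symlink, O_CLOEXEC on glibc */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char kAlphabet[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Overwrite len bytes of suffix with unpredictable characters from
 * /dev/urandom; bytes >= 248 (62*4) are rejected to avoid modulo bias. */
static int randomize_suffix(char *suffix, size_t len) {
    int rfd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (rfd < 0) return -1;
    for (size_t i = 0; i < len;) {
        unsigned char b;
        if (read(rfd, &b, 1) != 1) { close(rfd); return -1; }
        if (b >= 248) continue;
        suffix[i++] = kAlphabet[b % 62];
    }
    close(rfd);
    return 0;
}

/* What the reply recommends: choose a name and create it in the same
 * open() call. With O_CREAT|O_EXCL, open() fails with EEXIST if anything
 * already sits at that path, a symlink included, so nothing is followed.
 * On EEXIST we simply pick another name. Returns an fd or -1. */
int safe_mkstemp(char *tmpl) {
    size_t len = strlen(tmpl);
    if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX") != 0) {
        errno = EINVAL;
        return -1;
    }
    for (int attempt = 0; attempt < 100; attempt++) {
        if (randomize_suffix(tmpl + len - 6, 6) != 0) return -1;
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL | O_CLOEXEC, 0600);
        if (fd >= 0) return fd;
        if (errno != EEXIST) return -1;  /* EEXIST: collision, retry */
    }
    errno = EEXIST;
    return -1;
}

/* Constructed fixture: a scratch directory with a "victim" file and a
 * symlink "chosen" -> victim, i.e. the name mktemp() handed back, taken
 * over by the attacker between mktemp() and the application's open(). */
static int plant_symlink(char *dir, size_t dirsz) {
    snprintf(dir, dirsz, "%s/mktemp-race-XXXXXX",
             access("/tmp", W_OK) == 0 ? "/tmp" : ".");
    if (mkdtemp(dir) == NULL) return -1;
    char victim[128], chosen[128];
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(chosen, sizeof chosen, "%s/chosen", dir);
    int fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "secret\n", 7) != 7) return -1;
    close(fd);
    return symlink("victim", chosen);  /* the attacker's move */
}

static void cleanup(const char *dir) {
    char p[128];
    snprintf(p, sizeof p, "%s/chosen", dir); unlink(p);
    snprintf(p, sizeof p, "%s/victim", dir); unlink(p);
    rmdir(dir);
}

/* mktemp()-style: open() without O_EXCL follows the planted symlink and
 * the write lands in the victim. Returns 1 if the victim was clobbered. */
int racy_open_clobbers_victim(void) {
    char dir[64], p[128], buf[16] = {0};
    if (plant_symlink(dir, sizeof dir) != 0) return -1;
    snprintf(p, sizeof p, "%s/chosen", dir);
    int fd = open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    ssize_t w = fd >= 0 ? write(fd, "owned\n", 6) : -1;
    if (fd >= 0) close(fd);
    snprintf(p, sizeof p, "%s/victim", dir);
    fd = open(p, O_RDONLY);
    ssize_t n = fd >= 0 ? read(fd, buf, sizeof buf - 1) : -1;
    if (fd >= 0) close(fd);
    cleanup(dir);
    return w == 6 && n == 6 && memcmp(buf, "owned\n", 6) == 0;
}

/* Same planted symlink, but O_CREAT|O_EXCL: open() refuses with EEXIST
 * and the victim is untouched. Returns 1 if it was refused. */
int exclusive_open_refuses_symlink(void) {
    char dir[64], p[128];
    if (plant_symlink(dir, sizeof dir) != 0) return -1;
    snprintf(p, sizeof p, "%s/chosen", dir);
    int fd = open(p, O_WRONLY | O_CREAT | O_EXCL, 0600);
    int refused = fd < 0 && errno == EEXIST;
    if (fd >= 0) close(fd);
    cleanup(dir);
    return refused;
}

/* safe_mkstemp() end to end: the fd refers to a fresh regular file with
 * no group/other permission bits. Returns 1 on success. */
int safe_mkstemp_yields_regular_file(void) {
    char dir[64], tmpl[128];
    struct stat st;
    if (plant_symlink(dir, sizeof dir) != 0) return -1;
    snprintf(tmpl, sizeof tmpl, "%s/tmp.XXXXXX", dir);
    int fd = safe_mkstemp(tmpl);
    int ok = fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode)
             && (st.st_mode & 077) == 0;
    if (fd >= 0) { close(fd); unlink(tmpl); }
    cleanup(dir);
    return ok;
}
```

The retry loop is the part a Pike-level mktemp() cannot offer: once a name is handed back to the caller, the window between naming and creating belongs to whoever else can write the directory, which is why returning the open descriptor (mkstemp) rather than the name (mktemp) is the right interface.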