It's only dangerous if you have other users on your machine. There is a possibility of a local exploit, but nothing remote. The man page for mktemp(3) has the details:

BUGS
Never use mktemp(). Some implementations follow BSD 4.3 and replace XXXXXX by the current process id and a single letter, so that at most 26 different names can be returned. Since on the one hand the names are easy to guess, and on the other hand there is a race between testing whether the name exists and opening the file, every use of mktemp() is a security risk. The race is avoided by mkstemp(3).

Regards
Anders

On Thursday 24 May 2001 20:10, Togan Muftuoglu wrote:
Hi,
I have noticed after I upgraded to gcc 2.95.3 (from Philip Thomas's directory at ftp.suse.com) I am getting a warning like "use of mktemp is dangerous use mkstemp instead."
Now since I have a D in programming, is this something I should worry about? An example is xsane-0.77.
TIA
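
The race described in the quoted man page text, as an added C example that is not part of either message: an open() without O_EXCL silently accepts a file that already exists at the chosen name, while the atomic create-and-open that mkstemp(3) relies on refuses it. The function names and the /tmp template are assumptions made up for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Second half of the mktemp() pattern: the name was tested earlier and is
 * now opened without O_EXCL. Returns 1 if a pre-existing file was accepted. */
static int plain_open_reuses_existing(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) return 0;
    close(fd);
    return 1;
}

/* What mkstemp() does per candidate name: create and open in one atomic
 * step. Returns 1 if the existing file was refused with EEXIST. */
static int excl_open_refuses_existing(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EEXIST;
}

/* Creates a file with mkstemp(), then tries both opens against that
 * already-existing name. Returns 0 if all checks behave as described. */
int demo(void)
{
    char path[] = "/tmp/mkstemp-demo-XXXXXX";  /* constructed template */
    struct stat st;
    int fd = mkstemp(path);  /* name chosen and file created atomically */
    if (fd < 0) return -1;
    int ok = fstat(fd, &st) == 0
          && (st.st_mode & 077) == 0         /* no group/other access */
          && plain_open_reuses_existing(path)
          && excl_open_refuses_existing(path);
    close(fd);
    unlink(path);
    return ok ? 0 : 1;
}

int main(void)
{
    int rc = demo();
    printf("demo: %s\n", rc == 0 ? "ok" : "unexpected result");
    return rc;
}
```

Replacing a mktemp() call therefore means keeping the descriptor mkstemp() returns and writing through it, rather than reopening the file by name.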