Mktemp is not in the book

jsmaby at virgo.umeche.maine.edu jsmaby at virgo.umeche.maine.edu
Thu Jan 30 07:41:42 PST 2003


> Looks like we either:
> a) accept a security risk,
> b) continue to have some LFS installed stuff that doesn't work,
> c) patch a version of tempfile and mktemp ourselves to use mkstemp
> d) continue scrounging to find a good version of both tempfile and/or
>    mktemp

The correct thing to do is to patch bzdiff and friends to not rely
on an insecure program.  We do exactly the same thing for ed, only
it's to fix use of an insecure function.  There is no good reason
to install tmpfile at all when shell scripts can be easily patched
to not use it.

I looked at the debianutils mktemp, and it doesn't agree with its
man page regarding what it does with all those X's (mkstemp() requires
exactly 6 X's, while the page suggests any number are okay).
Since I love reinventing the wheel, I wrote my own mktemp and
modified the man page to work with glibc's mkstemp (I guess openbsd's
is niftier, and that's where the man page is from).
http://virgo.umeche.maine.edu/misc/mktemp-0.1.tar.bz2

The advantage of this over debianutils is that you don't get all kinds
of unneeded programs (and their which is just the type -p hack).  Plus,
it's kind of nice not using a package with a competing distro's name
in its title (maybe even call this one lfs-mktemp?).

-James Smaby
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-dev' in the subject header of the message



More information about the lfs-dev mailing list