Improve the explanation on the (in)security of mktemp(3).

2000-01-25 13:58:46 +00:00 · 2000-01-25 13:58:46 +00:00 · 71207448cf
commit 71207448cf
parent d59590d848
1 changed files with 6 additions and 3 deletions
--- a/lib/libc/stdio/mktemp.3
+++ b/lib/libc/stdio/mktemp.3
@ -186,9 +186,12 @@ See
 .Xr gcc 1
 for more information.
 .Sh BUGS
-An attacker can guess the filenames produced by
-.Fn mktemp .
-Whenever it is possible
+This family of functions produces filenames which can be guessed.
+This makes the race in
+.Fn mktemp ,
+between testing for a file's existence and opening it for use,
+particularly dangerous from a security perspective.
+Whenever it is possible,
 .Fn mkstemp
 should be used instead.
 .Sh SEE ALSO