Re: [Nmh-workers] Diffs for replacing mktemp() usage

[Lyndon Nerenberg (VE6BBM/VE7TFX)]

> Yes, this is why it's difficult to fix :-). Unfortunately, if you
> use mkstemp() but still allow the rest of the code to reopen
> the temporary file by name, you've shut the linker up but
> not completely closed the security hole. See
> http://www.mail-archive.com/address@hidden/msg01380.html
> 
> So I would vote against (the tempfile related parts of) this patch.

Having an MH-private namespace for scratch files is certainly the way
to go here.  These aren't 'temp files' in the traditional sense, and
none of the usual APIs suit the task at hand.

There are license-compatible mkstemp() implementations out there that
can serve as a base for a code import, upon which a suitable
replacement can be built.

--lyndon