[cfe-dev] question about mktemp security warning
devlists at shadowlab.org
Wed Mar 24 18:02:54 CDT 2010
I see a security warning in the analyzer that says that using mktemp is always wrong.
I thought using mktemp + open(path, O_CREAT | O_EXCL) was safe.
Did I miss something, or is the analyzer a little too strict about this function?
I know that mkstemp should be preferred, but some APIs (like SQLite) provide only an "open"-like function, and no "fdopen"-like function, so mkstemp is useless in these cases.
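
The pattern the question describes (generate a name, then create it with O_CREAT | O_EXCL and retry on EEXIST), as an added example that is not part of the original post. `create_exclusive` is a hypothetical helper, and drawing the name from /dev/urandom is an assumption standing in for mktemp.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: pick a random name under dir and create it atomically.
 * O_CREAT|O_EXCL makes open() fail with EEXIST if the name already exists,
 * including when it is a symlink, so a name taken between generation and
 * open() is never reused. Returns an fd and fills path, or -1 with errno set. */
int create_exclusive(const char *dir, char *path, size_t len)
{
    static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    for (int attempt = 0; attempt < 100; attempt++) {
        unsigned char rnd[12];
        char name[sizeof rnd + 1];
        int ur = open("/dev/urandom", O_RDONLY);
        if (ur < 0) return -1;
        ssize_t got = read(ur, rnd, sizeof rnd);
        close(ur);
        if (got != (ssize_t)sizeof rnd) { errno = EIO; return -1; }
        for (size_t i = 0; i < sizeof rnd; i++)
            name[i] = alphabet[rnd[i] % (sizeof alphabet - 1)];
        name[sizeof rnd] = '\0';
        int n = snprintf(path, len, "%s/tmp.%s", dir, name);
        if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0) return fd;           /* this call created the file */
        if (errno != EEXIST) return -1;   /* real error: do not retry */
        /* EEXIST: the name was already taken, so try a different one */
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char path[256];
    int fd = create_exclusive("/tmp", path, sizeof path);
    if (fd < 0) { perror("create_exclusive"); return 1; }
    printf("created %s\n", path);
    close(fd);
    unlink(path);
    return 0;
}
```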