author Sheldon Hearn <sheldonh@FreeBSD.org> 2000-01-25 13:58:46 +0000
committer Sheldon Hearn <sheldonh@FreeBSD.org> 2000-01-25 13:58:46 +0000
commit 71207448cf3eb42617320efb36e7aa9d76c4c98e
tree 759fb3ce00807ccc5819a0f5557860725a88750e /lib/libc
parent d59590d8485fbe88e41dcd14989dbf2f3b910f21
Diffstat (limited to 'lib/libc')
-rw-r--r-- lib/libc/stdio/mktemp.3 9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/libc/stdio/mktemp.3 b/lib/libc/stdio/mktemp.3
index d78d67cb4df8..9b92d4a32384 100644
--- a/lib/libc/stdio/mktemp.3
+++ b/lib/libc/stdio/mktemp.3
@@ -186,9 +186,12 @@ See
.Xr gcc 1
for more information.
.Sh BUGS
-An attacker can guess the filenames produced by
-.Fn mktemp .
-Whenever it is possible
+This family of functions produces filenames which can be guessed.
+This makes the race in
+.Fn mktemp ,
+between testing for a file's existence and opening it for use,
+particularly dangerous from a security perspective.
+Whenever it is possible,
.Fn mkstemp
should be used instead.
.Sh SEE ALSO
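Review bot: The closing recommendation in BUGS ("Whenever it is possible, .Fn mkstemp should be used instead.") no longer explains itself. The first added sentence says the whole family produces guessable filenames, so a reader can fairly ask why mkstemp is any safer than mktemp. The answer is that mkstemp creates and opens the file in a single step and returns a descriptor, so there is no window between the existence test and the open, but the text never says so. Suggest adding a clause to that effect after the sentence about the race, so the contrast with mktemp is stated, not implied. Minor wording point: "particularly dangerous from a security perspective" could be tightened to say what the race allows (another process creating the guessed name first), which is the information a caller needs to judge the risk.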