On Sun, Aug 27, 2017, at 16:46, Kamil Cholewiński wrote:
> On Sun, 27 Aug 2017, Thomas Levine <__AT_thomaslevine.com> wrote:
> > * mktemp is not portable; you could use something like the date and
> > process identifier ($$) to create a portable temporary file.
>
> This is very wrong advice, please don't do this. Current timestamp is as
> guessable as it gets. PIDs on most systems are limited to 5 digits. All
> very easy to bruteforce.
>
> If you're concerned with the availability of mktemp, port it.

Thank you Kamil. Yes I am aware of the security problems of creating my
own temporary files based on PID and so forth, which is why I chose
mktemp. It looks like it is already fairly portable [1]: "The mktemp
code is highly portable and should compile on most any Unix-like
operating system".

[1] https://www.mktemp.org/

Received on Sun Aug 27 2017 - 23:22:27 CEST
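
The following is an added example, not code from either poster: a shell wrapper that takes the approach the thread settles on, using mktemp and failing closed when it is unavailable instead of falling back to a date/PID name. The function names `make_private_temp`, `perm_string` and `with_temp` and the `demo` prefix are hypothetical.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from the thread.

# Create a private temporary file and print its path.
# Fails closed when mktemp is missing: there is deliberately no fallback
# to a date/PID name, which the thread describes as guessable.
make_private_temp() {  # $1 = name prefix (optional)
    prefix=${1:-tmp}
    if ! command -v mktemp >/dev/null 2>&1; then
        echo "mktemp not found; install or port it" >&2
        return 1
    fi
    # mktemp replaces the X's with random characters and creates the
    # file itself, so the name is never chosen by this script.
    mktemp "${TMPDIR:-/tmp}/${prefix}.XXXXXXXXXX"
}

# Permission string of a path, e.g. "-rw-------".
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# Run a command with a fresh temp file appended as its last argument,
# then remove the file whether or not the command succeeded.
with_temp() {  # $1 = prefix, remaining args = command
    f=$(make_private_temp "$1") || return 1
    shift
    "$@" "$f" && rc=0 || rc=$?
    rm -f "$f"
    return "$rc"
}

# Demonstration: show the file mktemp created and its permissions.
with_temp demo ls -l
```
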