Re: [dev] announcing edit-pipe

From: Greg Reagle <>
Date: Sun, 27 Aug 2017 17:22:27 -0400

On Sun, Aug 27, 2017, at 16:46, Kamil CholewiƄski wrote:
> On Sun, 27 Aug 2017, Thomas Levine <> wrote:
> > * mktemp is not portable; you could use something like the date and
> > process identifier ($$) to create a portable temporary file.
> This is very wrong advice, please don't do this. Current timestamp is as
> guessable as it gets. PIDs on most systems are limited to 5 digits. All
> very easy to bruteforce.
> If you're concerned with the availability of mktemp, port it.

Thank you Kamil. Yes I am aware of the security problems of creating my
own temporary files based on PID and so forth, which is why I chose
mktemp. It looks like it is already fairly portable [1]: "The mktemp
code is highly portable and should compile on most any Unix-like
operating system".

Received on Sun Aug 27 2017 - 23:22:27 CEST

This archive was generated by hypermail 2.3.0 : Sun Aug 27 2017 - 23:24:17 CEST