Secure temporary fifo creation
Mentors,
What is the recommended method for securely creating a temporary named pipe in
C code?
Looking at the man pages for various library calls it appears that tmpfile(3)
is probably an acceptable means of creating a temporary file, but this
returns a FILE *. The upstram source I'm packaging needs to make a temporary
fifo. It uses tempnam(3) to get a temporary file name as a char *, and then
mkfifo(3) to make the fifo named pipe from the file name. Is this
sufficiently secure? Should I post this to debian-security?
Thanks,
Greg Deitrick
Reply to: