A better solution would be if applications always opened files in /tmp with O_CREAT | O_EXCL. tmpfile(3) does this but the file is always 644. I think there should be a tmpfilem(mode_t) where the mode could be specified.
I was forced to implement my own tmpfile(3) from tmpnam(3) to fix similar security problems in bash.

Guy
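A sketch of the tmpfilem(mode_t) proposed in the message above, added here as an example; it is not code from the post or from bash. The /tmp/tmpfilem. name prefix, the use of /dev/urandom for the suffix, and the stream_mode() helper are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical tmpfilem(): tmpfile(3) behaviour with a caller-chosen mode. */
FILE *tmpfilem(mode_t mode)
{
    char path[64];
    unsigned long r;
    int fd, tries;
    FILE *fp, *rnd = fopen("/dev/urandom", "rb");
    for (tries = 0; rnd != NULL && tries < 100; tries++) {
        /* Unpredictable suffix, so the candidate names cannot all be squatted. */
        if (fread(&r, sizeof r, 1, rnd) != 1)
            break;
        snprintf(path, sizeof path, "/tmp/tmpfilem.%lx", r);
        /* O_EXCL fails with EEXIST if the name exists, symlinks included,
         * so a file or link planted in /tmp is never opened or followed. */
        fd = open(path, O_RDWR | O_CREAT | O_EXCL, mode);
        if (fd < 0 && errno == EEXIST)
            continue;                  /* name taken: try another */
        if (fd < 0)
            break;
        unlink(path);                  /* nameless from here on, like tmpfile(3) */
        fclose(rnd);
        /* open() applied the umask; fchmod() sets exactly the requested bits. */
        if (fchmod(fd, mode) == 0 && (fp = fdopen(fd, "w+")) != NULL)
            return fp;
        close(fd);
        return NULL;
    }
    if (rnd != NULL)
        fclose(rnd);
    return NULL;
}
/* Permission bits of an open stream, or (mode_t)-1 on error. */
mode_t stream_mode(FILE *fp)
{
    struct stat st;
    return (fp != NULL && fstat(fileno(fp), &st) == 0) ? (st.st_mode & 07777) : (mode_t)-1;
}

int main(void)
{
    printf("mode %04o\n", (unsigned)stream_mode(tmpfilem(0600)));
    return 0;
}
```

The safety comes from O_CREAT | O_EXCL, not from the random name: a predictable name would still be refused if it already existed, it would only be easier to block.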