On Sun, Aug 27, 2017, at 16:46, Kamil Cholewiński wrote:
> On Sun, 27 Aug 2017, Thomas Levine <_...@thomaslevine.com> wrote:
> > * mktemp is not portable; you could use something like the date and
> >   process identifier ($$) to create a portable temporary file.
> 
> This is very wrong advice, please don't do this. Current timestamp is as
> guessable as it gets. PIDs on most systems are limited to 5 digits. All
> very easy to bruteforce.
> 
> If you're concerned with the availability of mktemp, port it.

Thank you Kamil.  Yes I am aware of the security problems of creating my
own temporary files based on PID and so forth, which is why I chose
mktemp.  It looks like it is already fairly portable [1]: "The mktemp
code is highly portable and should compile on most any Unix-like
operating system".

[1] https://www.mktemp.org/
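
The difference discussed in this thread, as an added example that is not part of the original messages: a name built from the date and `$$` may already exist when the script opens it, while `mktemp` only returns a file it created itself. The function names and the `job.` prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Every path is constructed inside a private scratch directory.

# Name built from the clock and $$, as in the quoted suggestion.
naive_name() {                      # naive_name DIR STAMP
    printf '%s/job.%s.%s\n' "$1" "$2" "$$"
}

# Plain redirect: succeeds whether or not the path already exists, so the
# script cannot tell that it is not the creator of the file.
naive_create() {                    # naive_create PATH
    : >> "$1"
}

# mktemp picks a random suffix and creates the file atomically with mode
# 0600; it fails rather than reuse an existing path.
safe_create() {                     # safe_create DIR -> prints new path
    mktemp "$1/job.XXXXXXXXXX"
}

# Permission string of a file, e.g. "-rw-------" (ls is POSIX; stat is not).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Walk through both cases; prints one line per case.
demo() {
    scratch=$(mktemp -d) || return 1
    stamp=$(date +%Y%m%d%H%M%S)
    guessed=$(naive_name "$scratch" "$stamp")
    # Constructed stand-in for a file another local user created first.
    (umask 000; : > "$guessed")
    naive_create "$guessed" && echo "naive: reused $(mode_of "$guessed") file"
    fresh=$(safe_create "$scratch") && echo "mktemp: new $(mode_of "$fresh") file"
    rm -rf "$scratch"
}

demo
```

Whatever the script later writes to the reused file inherits the permissions chosen by whoever created it first; the `mktemp` file is readable only by the script's own user.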
