Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Use mkstemp instead of tmpfile #505
Using tmpfile() can potentially be insecure as per http://cwe.mitre.org/data/definitions/377.html, mkstemp with previously set umask(0600) would be appropriate. Code changes can be small with fdopen() on the resulting file descriptor, or we can adjust the copying functions.
modern operating system tmpfile() does more than wrap around mkstemp and do fdopen().
but ive got a more important question:
there is an eggdrop.conf setting for transfer module called copy-to-tmp