From owner-freebsd-hackers  Thu Jan 16 10:08:58 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id KAA03391
          for hackers-outgoing; Thu, 16 Jan 1997 10:08:58 -0800 (PST)
Received: from vdp01.vailsystems.com (root@vdp01.vailsystems.com [207.152.98.18])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id KAA03385
          for <hackers@freebsd.org>; Thu, 16 Jan 1997 10:08:56 -0800 (PST)
Received: from crocodile.vale.com (crocodile [204.117.217.147]) by vdp01.vailsystems.com (8.8.3/8.7.3) with ESMTP id MAA19878 for <hackers@freebsd.org>; Thu, 16 Jan 1997 12:08:44 -0600 (CST)
Received: from jaguar (jaguar.vale.com [204.117.217.146]) by crocodile.vale.com (8.8.3/8.7.3) with SMTP id MAA19777 for <hackers@freebsd.org>; Thu, 16 Jan 1997 12:08:43 -0600 (CST)
Message-ID: <32DE6EAC.1A1B@vailsys.com>
Date: Thu, 16 Jan 1997 12:08:44 -0600
From: Hal Snyder <hal@vailsys.com>
Reply-To: hal@vailsys.com
Organization: Vail Systems, Inc.
X-Mailer: Mozilla 3.0 (WinNT; I)
MIME-Version: 1.0
To: hackers@freebsd.org
Subject: open () unlinked?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I was at Marcus Ranum's Usenix '97 tuturial on Coding for Hostile
Environments, and the subject came up of creating temporary files
securely.  Open-then-unlink leaves a window for someone to get at the
file.

Has there been any discussion here of adding, e.g., an O_UNLINK flag to
open (), that would effectively create an anonymous temp file?