Description of problem: During compilation of xpdf gcc comes twice with warnings: gfile.o(.text+0x4d9): the use of `tmpnam' is dangerous, better use `mkstemp' The problem is really that code from goo/gfile.cc //---------- Unix ---------- char *s; int fd; if (ext) { #if HAVE_MKSTEMPS /* .... */ #else if (!(s = tmpnam(NULL))) { return gFalse; } *name = new GString(s); (*name)->append(ext); fd = open((*name)->getCString(), O_WRONLY | O_CREAT | O_EXCL, 0600); #endif } else { ..... AFAIK this branch is not even really used in the current version of xpdf but the problem is a need for 'ext' which is not supported by 'mkstemp()'. True, O_EXCL flag is used to 'open()' but this will not help really if a directory where this is happening will be mounted, say, via NFS. Likely a remote possibility of an attack but it exists. A simple way to close the bug for now would be to comment out the whole branch. In general, in an absence of mkstemps(), mkdtemp() likely should be used to create a temporary subdirectory where files with desired extenstions can be safely opened and the whole directory should be removed on exit. Version-Release number of selected component (if applicable): xpdf-2.01-2 but the same code is actually in earlier versions as well.
it's fixed in 2.02-2 or newer.