Coverity doesn't like tmpfile(), but the alternative (mkstemp) is worse
because you then are responsible for cleaning up the file on your own.
You can do a mkstemp and then immediately unlink, but that leaves a
window where the config exists on the filesystem for just a little time
allowing an attacker to grab a handle.
I had originally switched it the other way to satisfy coverity, but that
was dumb.
Coverity doesn't like tmpfile(), but the alternative (mkstemp) is worse because you then are responsible for cleaning up the file on your own. You can do a mkstemp and then immediately unlink, but that leaves a window where the config exists on the filesystem for just a little time allowing an attacker to grab a handle.
I had originally switched it the other way to satisfy coverity, but that was dumb.