Michael Ortmann

This PR fixes 1 memory account glitch There is one more here: https://github.com/eggheads/eggdrop/pull/438/files#diff-2d8e3362ec4e40b7a6e562a1c7968e7b67063d05f639d9da1e0fa32b414c8706R319 @thommey: Please can you take a look? You know that code better than me.

we do not leak here. this PR is merely about our own debug memory accounting.

modern operating system tmpfile() does more than wrap around mkstemp and do fdopen(). for example see https://github.com/freebsd/freebsd/blob/master/lib/libc/stdio/tmpfile.c so i dont think the code change would be that small mkstemp() is...

meanwhile, `copy-to-tmp` has been removed, so solving this Issue can be resumed

modern libc implementations of `tmpfile()` should securely create tmp files. like current freebsd libc `tmpfile()` internally uses `mkstemp()`: https://github.com/freebsd/freebsd-src/blob/6d86bdf1c423e162cecd9b7c516b211461d1932b/lib/libc/stdio/tmpfile.c#L69

thommeys initial comment is right. some libcs do also have insecure mkstemp(). In glibc versions 2.06 and earlier, the file is created with permissions 0666, that is, read and write...

We should also check for and use `O_TMPFILE`, if available (since Linux 3.11). So i propose something like the following: ``` #define _GNU_SOURCE egg_tmpfile() { #ifdef O_TMPFILE if ((fd =...

> Not specifically addressed in this PR but maybe missed when this was implemented- based on the use of last_invchan in chan.c:1779, I think the definition of last_invchan needs to...

Additional info: Installed macOS from scratch, then installed official command line developer tools (git, ...), then: https://pastebin.com/RA8Giqqf see also: https://github.com/eggheads/eggdrop/blob/74c786165272a9a7c7a7374d1906d2b30201d862/aclocal.m4#L530

Thank you! Also for reference, this Issue is related to #176