In src/types.c, typ_identify_end() uses tmpnam(3), which is insecure.
If an attacker places a file or symbolic link with the same name as temp_name before gentoo creates it with open(2):
* the attacker can get file names from the temp file, even ones that users may want to keep hidden.
* the attacker can insert fake output of the file command, so a file may be treated as an unwanted file type by gentoo.
* if it is a symbolic link, the referenced file may be broken by the output of the file command.
and so on.
At the least, open(2) should be called with O_EXCL to detect the attacker's file.
Or use mkstemp(3) instead to create the temp file atomically.
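
The two mitigations above, shown as an added example (this is not code from gentoo's src/types.c): the first demo checks that O_CREAT|O_EXCL refuses a name where a symbolic link already exists and leaves the link target untouched, the second checks that mkstemp(3) yields a fresh private file. The function names and the /tmp scratch paths are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create the temp file at a caller-chosen name; O_EXCL makes open(2) fail
 * with EEXIST if a file or symlink (even a dangling one) already exists. */
int open_temp_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Constructed scenario: a symlink already sits at the predicted name.
 * Returns 1 if the open was refused and the link target was not created. */
int demo_symlink_rejected(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";   /* private scratch directory */
    char target[64], link_path[64];
    struct stat st;
    int fd, ok;
    if (mkdtemp(dir) == NULL) return 0;
    snprintf(target, sizeof target, "%s/victim", dir);
    snprintf(link_path, sizeof link_path, "%s/predicted", dir);
    if (symlink(target, link_path) != 0) { rmdir(dir); return 0; }
    fd = open_temp_excl(link_path);
    ok = (fd == -1 && errno == EEXIST && stat(target, &st) == -1);
    if (fd != -1) close(fd);
    unlink(target); unlink(link_path); rmdir(dir);
    return ok;
}

/* mkstemp(3) chooses the name and creates the file in one atomic step.
 * Returns 1 if the result is a fresh regular file with no group/other access. */
int demo_mkstemp_private(void)
{
    char tmpl[] = "/tmp/mkstemp-demo-XXXXXX";  /* overwritten with real name */
    struct stat st;
    int fd = mkstemp(tmpl), ok;
    if (fd == -1) return 0;
    ok = (fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
          (st.st_mode & 0077) == 0 && st.st_size == 0);
    close(fd); unlink(tmpl);
    return ok;
}

int main(void) { return !(demo_symlink_rejected() && demo_mkstemp_private()); }
```

With O_EXCL the caller still has to handle EEXIST (for example by failing the operation), whereas mkstemp(3) retries with a different name internally.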