diff --git a/server/db.c b/server/db.c
index a4e1558..1d5f5b0 100644
--- a/server/db.c
+++ b/server/db.c
@@ -1059,21 +1059,16 @@ int new_lease_file ()
 db_validity = lease_file_is_corrupt;
- /* %Audit% Truncated filename causes panic. %2004.06.17,Safe%
- * This should never happen since the path is a configuration
- * variable from build-time or command-line. But if it should,
- * either by malice or ignorance, we panic, since the potential
- * for havoc is high.
- */
- if (snprintf (newfname, sizeof newfname, "%s.%d",
- path_dhcpd_db, (int)t) >= sizeof newfname)
- log_fatal("new_lease_file: lease file path too long");
-
- db_fd = open (newfname, O_WRONLY | O_TRUNC | O_CREAT, 0664);
+ snprintf (newfname, sizeof(newfname), "%s.XXXXXX", path_dhcpd_db);
+ db_fd = mkstemp (newfname);
 if (db_fd < 0) {
 log_error ("Can't create new lease file: %m");
 return 0;
 }
+ if (fchmod(db_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) == -1) {
+ log_error ("Can't fchmod new lease file: %m");
+ goto fail;
+ }
 if ((new_db_file = fdopen(db_fd, "w")) == NULL) {
 log_error("Can't fdopen new lease file: %m");
 close(db_fd);
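Review bot: The new fchmod() failure branch jumps to `fail` with db_fd still open, whereas the fdopen() failure branch just below calls `close(db_fd)` first; unless the `fail` label (outside this hunk) closes the descriptor, every failed rewrite leaks one fd in a long-running daemon, so add `close(db_fd);` before `goto fail;`. The fixed mode `S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH` is applied regardless of the process umask, where the removed `open(..., 0664)` was filtered by it, so a site that relied on a restrictive umask to keep lease data private now gets a world-readable file; a comment stating that 0644 is intentional, or masking the mode with the current umask, would make that explicit. The snprintf() result is also no longer checked: a truncated template should make mkstemp() fail rather than create a wrong file, but the log then shows only the generic "Can't create new lease file" error instead of the old path-too-long diagnosis. new_lease_file's body continues outside the hunk.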