Date: Fri, 12 Jan 2001 18:59:47 -0500 From: Sergey Babkin <babkin@bellatlantic.net> To: Doug Barton <DougB@gorean.org> Cc: Maxim Sobolev <sobomax@FreeBSD.org>, Mark Murray <mark@grondar.za>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: Randomness and vi Message-ID: <3A5F9A73.65836484@bellatlantic.net> References: <Pine.BSF.4.31.0101121213540.24744-100000@dt051n37.san.rr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton wrote: > > On Fri, 12 Jan 2001, Maxim Sobolev wrote: > > > Mark Murray wrote: > > > > > > <<On Fri, 12 Jan 2001 01:52:55 -0800, Doug Barton <DougB@FreeBSD.org> said: > > > > > > > > > found out the hard way that vi needs randomness to run when I was doing > > > > > > > > vi doesn't need randomness to run. > > > I suspect that in fact vi relies upon mkstemp, which IMHO by definition should > > use secure RNG. > > We have a winner. :) There seems to be no reason for mkstemp() to use anything secure. The simple explanation why is that a random thing is a random thing and there is always a chance that it would generate the same name as someone had already taken. So any level of randomness is not a protection against symlinks attacks and such. -SB To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A5F9A73.65836484>