Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 12 Jan 2001 18:59:47 -0500
From:      Sergey Babkin <babkin@bellatlantic.net>
To:        Doug Barton <DougB@gorean.org>
Cc:        Maxim Sobolev <sobomax@FreeBSD.org>, Mark Murray <mark@grondar.za>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: Randomness and vi
Message-ID:  <3A5F9A73.65836484@bellatlantic.net>
References:  <Pine.BSF.4.31.0101121213540.24744-100000@dt051n37.san.rr.com>

next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton wrote:
> 
> On Fri, 12 Jan 2001, Maxim Sobolev wrote:
> 
> > Mark Murray wrote:
> >
> > > > <<On Fri, 12 Jan 2001 01:52:55 -0800, Doug Barton <DougB@FreeBSD.org> said:
> > > >
> > > > > found out the hard way that vi needs randomness to run when I was doing
> > > >
> > > > vi doesn't need randomness to run.
> 
> > I suspect that in fact vi relies upon mkstemp, which IMHO by definition should
> > use secure RNG.
> 
>         We have a winner. :)

There seems to be no reason for mkstemp() to use anything secure.
The simple explanation why is that a random thing is a random thing
and there is always a chance that it would generate the same name
as someone had already taken. So any level of randomness is not
a protection against symlinks attacks and such.

-SB


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A5F9A73.65836484>