Message-ID: <3A5F9A73.65836484@bellatlantic.net>
Date: Fri, 12 Jan 2001 18:59:47 -0500
From: Sergey Babkin
To: Doug Barton
Cc: Maxim Sobolev, Mark Murray, Garrett Wollman, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: Randomness and vi

Doug Barton wrote:
>
> On Fri, 12 Jan 2001, Maxim Sobolev wrote:
>
> > Mark Murray wrote:
> >
> > > > < said:
> > > >
> > > > > found out the hard way that vi needs randomness to run when I was doing
> > > >
> > > > vi doesn't need randomness to run.
>
> > I suspect that in fact vi relies upon mkstemp, which IMHO by definition should
> > use secure RNG.
>
> We have a winner. :)

There seems to be no reason for mkstemp() to use anything secure.
The simple explanation why is that a random thing is a random thing
and there is always a chance that it would generate the same name
as someone had already taken. So any level of randomness is not
a protection against symlink attacks and such.

-SB
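An added example, not part of the original message or of FreeBSD's mkstemp() source: it shows that exclusive creation (O_CREAT|O_EXCL, retrying on EEXIST) keeps a pre-planted symlink from being followed even when the candidate names are fully predictable. The helper counter_mkstemp(), the file names and the scenario are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: temp file from a deliberately predictable,
 * counter-based name. O_CREAT|O_EXCL fails with EEXIST if the name exists
 * in any form, including a symlink (dangling or not), so we just retry. */
static int counter_mkstemp(const char *dir, char *out, size_t outlen, int *tries)
{
    for (int i = 0; i < 100; i++) {
        snprintf(out, outlen, "%s/tmp.%d", dir, i);
        ++*tries;
        int fd = open(out, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0)
            return fd;      /* we created it; nobody got there first */
        if (errno != EEXIST)
            return -1;      /* real error, do not keep guessing */
    }
    errno = EEXIST;
    return -1;
}

/* Constructed scenario: the first predictable name is already planted as a
 * symlink to "victim". Returns 1 if the link was never followed. */
int symlink_is_not_followed(void)
{
    char dir[] = "/tmp/excl-demo.XXXXXX";
    char victim[128], planted[128], got[128];
    struct stat st;
    int tries = 0, ok;
    if (mkdtemp(dir) == NULL)
        return 0;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(planted, sizeof planted, "%s/tmp.0", dir);
    if (symlink(victim, planted) != 0)
        return 0;
    int fd = counter_mkstemp(dir, got, sizeof got, &tries);
    /* Second name was taken, and the symlink target was never created. */
    ok = fd >= 0 && tries == 2 && stat(victim, &st) == -1 && errno == ENOENT;
    if (fd >= 0) { close(fd); unlink(got); }
    unlink(planted);
    rmdir(dir);
    return ok;
}

int main(void) { return symlink_is_not_followed() ? 0 : 1; }
```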