From owner-freebsd-audit Fri Nov 10 5:25:53 2000 Delivered-To: freebsd-audit@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id B688137B4C5 for ; Fri, 10 Nov 2000 05:25:51 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.9.3/8.9.3) with SMTP id IAA60850; Fri, 10 Nov 2000 08:24:34 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Fri, 10 Nov 2000 08:24:34 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Kris Kennaway Cc: audit@freebsd.org Subject: Re: mktemp() patch, again In-Reply-To: <20001104145247.A9161@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I used to accept the idea of using varying case to increase the randomness space. In light of Mac OS X's case-preserving but case-insensitive file system, I think it would be wiser not to rely on case-independence. That said, I think the current patches are safe against that, since the file system takes care of the magic and informs you if you get a collision in the same way it does for a case-sensitive collision (O_EXCL), it just means that the effective string length still needs to be longer. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message