From owner-freebsd-audit  Tue Dec 12 18: 6:56 2000
From owner-freebsd-audit@FreeBSD.ORG  Tue Dec 12 18:06:53 2000
Return-Path: <owner-freebsd-audit@FreeBSD.ORG>
Delivered-To: freebsd-audit@freebsd.org
Received: from citusc.usc.edu (citusc.usc.edu [128.125.38.123])
	by hub.freebsd.org (Postfix) with ESMTP id 2D1B437B400
	for <freebsd-audit@FreeBSD.ORG>; Tue, 12 Dec 2000 18:06:53 -0800 (PST)
Received: (from kris@localhost)
	by citusc.usc.edu (8.9.3/8.9.3) id SAA10996;
	Tue, 12 Dec 2000 18:08:05 -0800
Date: Tue, 12 Dec 2000 18:08:05 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Warner Losh <imp@village.org>
Cc: Will Andrews <will@physics.purdue.edu>,
	Chris Faulhaber <jedgar@fxp.org>, freebsd-audit@FreeBSD.ORG
Subject: Re: mktemp(1) usage
Message-ID: <20001212180805.B10901@citusc.usc.edu>
References: <20001209171334.J671@puck.firepipe.net> <20001209150853.A57045@peitho.fxp.org> <20001209171334.J671@puck.firepipe.net> <200012100529.WAA26442@harmony.village.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G"
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: <200012100529.WAA26442@harmony.village.org>; from imp@village.org on Sat, Dec 09, 2000 at 10:29:50PM -0700
Sender: kris@citusc.usc.edu
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Dec 09, 2000 at 10:29:50PM -0700, Warner Losh wrote:
> In message <20001209171334.J671@puck.firepipe.net> Will Andrews writes:
> : On Sat, Dec 09, 2000 at 03:08:54PM -0500, Chris Faulhaber wrote:
> : > Would it be more appropriate for scripts such as periodic(8) to
> : > call mktemp(1) using the -t flag.  In addition to using TMPDIR,
> : > this allows the use of the system's _PATH_TMP instead of
> : > hardcoding /tmp.
> :=20
> : Maybe that method doesn't use a random enough number to avoid file
> : races?
>=20
> If it doesn't, then maybe it should, don't you think.  But I think it
> does.  We're looking at 8 X's.  It would also be a good place to bump
> it to 10 if we needed to, say.

No need - with the old method of mktemp() encoding you needed more
than 6 X's to be secure, but with the new dense encoding even 6 is
fine. Moreover, mktemp(1) is actually mkstemp(1), so there was never
any problem with it unless you use -u.

Kris

--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6NtoFWry0BWjoQKURAuEqAKDrLKeDObu85IrOabkRumKaNwQ3/wCg4QY6
1pBI6GbbtK5hGZeEb1f89pk=
=MYnl
-----END PGP SIGNATURE-----

--k1lZvvs/B4yU6o8G--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message