From owner-freebsd-audit  Sun Jan 16 19:37:47 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from alcanet.com.au (border.alcanet.com.au [203.62.196.10])
	by hub.freebsd.org (Postfix) with ESMTP id 5B57A14C9D
	for <audit@FreeBSD.ORG>; Sun, 16 Jan 2000 19:37:41 -0800 (PST)
	(envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <40327>; Mon, 17 Jan 2000 14:29:45 +1100
Content-return: prohibited
From: Peter Jeremy <peter.jeremy@alcatel.com.au>
Subject: Re: libc patch to warn about tempfiles
In-reply-to: <Pine.BSF.4.21.0001161808160.32821-100000@hub.freebsd.org>; from
 kris@hub.freebsd.org on Mon, Jan 17, 2000 at 01:04:11PM +1100
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: audit@FreeBSD.ORG
Message-Id: <00Jan17.142945est.40327@border.alcanet.com.au>
MIME-version: 1.0
X-Mailer: Mutt 1.0i
Content-type: text/plain; charset=us-ascii
References: <Pine.BSF.4.21.0001161808160.32821-100000@hub.freebsd.org>
Date: Mon, 17 Jan 2000 14:29:42 +1100
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 2000-Jan-17 13:04:11 +1100, Kris Kennaway <kris@hub.freebsd.org> wrote:
>Here's a patch to libc which complains when an application tries to use
>mktemp()/mkstemp()/... with fewer than 10 X's (using 6 is common, but
>unfortunately insecure since the PID is either known or easily guessable,
>leaving only 52 different results). This may be useful for tracking down
>insecure ports, as well as things in the base tree which have yet to be
>fixed.

I think that changing the algorithm to use a denser encoding (eg
encoding the PID in base-62 or more, rather than base 10) would be
a better solution.  This way you don't need to change the functions
using mktemp() et al.

Peter


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message