Date: Mon, 17 Jan 2000 16:04:27 -0500
From: Dan Moschuk
To: Peter Jeremy
Cc: Kris Kennaway, audit@FreeBSD.ORG
Subject: Re: libc patch to warn about tempfiles
Message-ID: <20000117160427.E1156@spirit.jaded.net>
In-Reply-To: <00Jan17.142945est.40327@border.alcanet.com.au>; from peter.jeremy@alcatel.com.au on Mon, Jan 17, 2000 at 02:29:42PM +1100

| >Here's a patch to libc which complains when an application tries to use
| >mktemp()/mkstemp()/... with fewer than 10 X's (using 6 is common, but
| >unfortunately insecure since the PID is either known or easily guessable,
| >leaving only 52 different results). This may be useful for tracking down
| >insecure ports, as well as things in the base tree which have yet to be
| >fixed.
|
| I think that changing the algorithm to use a denser encoding (eg
| encoding the PID in base-62 or more, rather than base 10) would be
| a better solution. This way you don't need to change the functions
| using mktemp() et al.

Why not have it use arc4random()?

--
Dan Moschuk (TFreak!dan@freebsd.org)
"Waste not fresh tears on old griefs."
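
Added example, not part of the original message or of FreeBSD's libc: a C illustration combining the two suggestions above, a denser base-62 encoding and a random source in place of the PID, with the file created via O_CREAT|O_EXCL. The names `random_mkstemp` and `random_base62` are hypothetical, the six-X minimum is an assumption, and `/dev/urandom` stands in for `arc4random()` so the code builds on systems that lack it.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char ALPHABET[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Fill buf with n unbiased base-62 characters from the kernel CSPRNG
 * (assumption: /dev/urandom used here instead of arc4random()). */
static int random_base62(char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    for (size_t i = 0; i < n; ) {
        unsigned char b;
        if (read(fd, &b, 1) != 1) { close(fd); return -1; }
        if (b < 248)                 /* 248 = 4 * 62; reject the rest, no modulo bias */
            buf[i++] = ALPHABET[b % 62];
    }
    close(fd);
    return 0;
}

/* Hypothetical helper: overwrite every trailing 'X' of tmpl with a random
 * character and create the file exclusively. Returns an fd, or -1. */
int random_mkstemp(char *tmpl)
{
    size_t len = strlen(tmpl), nx = 0;
    while (nx < len && tmpl[len - 1 - nx] == 'X')
        nx++;
    if (nx < 6) { errno = EINVAL; return -1; }   /* assumed minimum */
    for (int tries = 0; tries < 100; tries++) {
        if (random_base62(tmpl + len - nx, nx) != 0) return -1;
        /* O_EXCL fails with EEXIST on an existing file or symlink. */
        int fd = open(tmpl, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST) return fd;
    }
    errno = EEXIST;
    return -1;
}

int main(void)
{
    char name[] = "/tmp/example.XXXXXXXXXX";     /* constructed sample template */
    int fd = random_mkstemp(name);
    if (fd < 0) { perror("random_mkstemp"); return 1; }
    printf("created %s\n", name);
    close(fd); unlink(name);
    return 0;
}
```

With every X drawn independently, a six-X template spans 62^6 names instead of the 52 the quoted text describes, and the exclusive create means a collision costs a retry rather than opening someone else's file.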