Date: Mon, 17 Jan 2000 13:12:16 -0800 (PST)
From: Kris Kennaway
To: Dan Moschuk
Cc: Peter Jeremy, audit@FreeBSD.ORG
Subject: Re: libc patch to warn about tempfiles
In-Reply-To: <20000117160427.E1156@spirit.jaded.net>

On Mon, 17 Jan 2000, Dan Moschuk wrote:

> | encoding the PID in base-62 or more, rather than base 10) would be
> | a better solution. This way you don't need to change the functions
> | using mktemp() et al.
>
> Why not have it use arc4random()?

It does. I think your question was actually "Why does it use the PID?" The obvious answer is for collision avoidance: it guarantees that no other process will use the same tempfile name for the life of the process. OTOH, if we were to use a purely random field of 36 bits then we'd have a 1 in 6.8e10 chance of collision, which isn't very strong. Increasing the length of the field would lower the probabilities exponentially, but then there's no advantage to just lengthening the field right now.

Kris

----
"How many roads must a man walk down, before you call him a man?"
"Eight!"
"That was a rhetorical question!"
"Oh..then, seven!" -- Homer Simpson
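The trade-off discussed in the message above, worked through as an added example (not part of the original message or of the FreeBSD patch): how likely a purely random name field is to collide, and how fast lengthening it helps. It assumes names are drawn independently and uniformly; the function names and the count of 1000 simultaneous names are assumptions chosen for illustration.

```python
import math

def field_space(alphabet_size: int, length: int) -> int:
    """Number of distinct values a field of `length` characters can take."""
    return alphabet_size ** length

def single_collision_odds(space: int) -> float:
    """Chance that one fresh random name equals one specific existing name."""
    return 1.0 / space

def birthday_collision(space: int, names: int) -> float:
    """Chance that at least two of `names` random draws coincide."""
    if names > space:
        return 1.0  # pigeonhole: more names than possible values
    # P(no collision) = prod_{i<names} (1 - i/space); summed in log space
    # so very small probabilities are not lost to rounding.
    log_no_collision = sum(math.log1p(-i / space) for i in range(names))
    return -math.expm1(log_no_collision)

def chars_needed(alphabet_size: int, names: int, target: float) -> int:
    """Smallest field length that keeps birthday_collision below `target`."""
    length = 1
    while birthday_collision(field_space(alphabet_size, length), names) >= target:
        length += 1
    return length

if __name__ == "__main__":
    bits36 = field_space(2, 36)  # the 36-bit field from the message
    print(f"36-bit field: {bits36} values, "
          f"one-name odds {single_collision_odds(bits36):.3e}")
    names = 1000  # assumed number of random names alive at once
    print(f"{names} names, 36 bits: P(any collision) = "
          f"{birthday_collision(bits36, names):.3e}")
    # Base-62 characters (the alphabet mentioned in the quoted text):
    for length in range(6, 11):
        p = birthday_collision(field_space(62, length), names)
        print(f"base-62, {length} chars: P(any collision) = {p:.3e}")
    print("chars for P < 1e-9:", chars_needed(62, names, 1e-9))
```

A PID field makes the collision probability between live processes exactly zero, which no finite random field does; the table shows how many extra characters a random-only field needs before the difference stops mattering in practice.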