Date: Thu, 11 Apr 2019 05:09:31 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 230792] sort -R, --random-source issues Message-ID: <bug-230792-227-JzK36sAjTt@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-230792-227@https.bugs.freebsd.org/bugzilla/> References: <bug-230792-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | previous in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=230792 --- Comment #4 from commit-hook@freebsd.org --- A commit references this bug: Author: cem Date: Thu Apr 11 05:08:50 UTC 2019 New revision: 346116 URL: https://svnweb.freebsd.org/changeset/base/346116 Log: sort(1): Simplify and bound random seeding Bound input file processing length to avoid the issue reported in [1]. For simplicity, only allow regular file and character device inputs. For character devices, only allow /dev/random (and /dev/urandom symblink). 32 bytes of random is perfectly sufficient to seed MD5; we don't need any more. Users that want to use large files as seeds are encouraged to truncate those files down to an appropriate input file via tools like sha256(1). (This does not change the sort algorithm of sort -R.) [1]: https://lists.freebsd.org/pipermail/freebsd-hackers/2018-August/053152.html PR: 230792 Reported by: Ali Abdallah <aliovx AT gmail.com> Relnotes: yes Changes: head/usr.bin/sort/sort.c -- You are receiving this mail because: You are the assignee for the bug.help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230792-227-JzK36sAjTt>