From owner-freebsd-current Sat Jun 10 15: 0:47 2000
Delivered-To: freebsd-current@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
	by hub.freebsd.org (Postfix) with ESMTP
	id 44B8B37C780; Sat, 10 Jun 2000 15:00:44 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
Received: from localhost (kris@localhost)
	by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id PAA62152;
	Sat, 10 Jun 2000 15:00:44 -0700 (PDT)
	(envelope-from kris@FreeBSD.org)
X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs
Date: Sat, 10 Jun 2000 15:00:43 -0700 (PDT)
From: Kris Kennaway
To: "Andrey A. Chernov"
Cc: "Jeroen C. van Gelderen" , Mark Murray , current@FreeBSD.ORG
Subject: Re: mktemp() patch
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, 10 Jun 2000, Kris Kennaway wrote:

> Given the other replies in this thread I think I'll just remove the PID
> stuff altogether and make the temp filename only constructed from
> alphanumeric characters. The price is that there's a chance of collision
> between two programs who mktemp() and come up with the same random
> filename, which is a theoretical security risk (at present only something
> with the same PID can come up with a colliding tempfile name) but the
> probability is altogether pretty small. I'll do some calculations to
> estimate the exact level of risk here.

Actually, it's not of course a security risk in the new algorithm (this is
mktemp() after all), but it's a potential failure mode which can cause
applications to fail in ways they otherwise wouldn't (with some very low
probability) on a normal system. But, I don't think it's a big enough
problem to worry about (numbers still coming :-)

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe
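
Added example, not part of the original message and not the FreeBSD patch under discussion: the collision case described above, forced deterministically, with names built only from random alphanumeric characters and no PID. It goes one step past mktemp() by creating the file with O_CREAT|O_EXCL, so a colliding name is detected and retried rather than becoming an application failure. The names open_temp, rand_fn, urandom_bytes and scripted_bytes, the six-X template and the 62-character alphabet are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
static const char ALNUM[] =
    "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
typedef int (*rand_fn)(unsigned char *buf, size_t n);  /* pluggable byte source */

/* Real source: bytes from the kernel's random device. */
int urandom_bytes(unsigned char *buf, size_t n) {
    int fd = open("/dev/urandom", O_RDONLY);
    ssize_t got = fd < 0 ? -1 : read(fd, buf, n);
    if (fd >= 0) close(fd);
    return got == (ssize_t)n ? 0 : -1;
}

/* Constructed source: yields the names "000000", "000000", "111111", ... */
static size_t script_pos;
int scripted_bytes(unsigned char *buf, size_t n) {
    for (size_t i = 0; i < n; i++) buf[i] = (unsigned char)((script_pos++ / 12) % 2);
    return 0;
}

/* Fill the trailing X's of path with random alphanumerics (no PID) and create
 * the file exclusively. Returns an fd, or -1; *collisions counts EEXIST retries. */
int open_temp(char *path, rand_fn rnd, int *collisions) {
    size_t len = strlen(path), start = len;
    while (start > 0 && path[start - 1] == 'X') start--;
    if (start == len) { errno = EINVAL; return -1; }
    *collisions = 0;
    for (int tries = 0; tries < 100; tries++) {
        for (size_t i = start; i < len; ) {
            unsigned char b;
            if (rnd(&b, 1) != 0) return -1;
            if (b < 248) path[i++] = ALNUM[b % 62];  /* 248 = 4*62: no modulo bias */
        }
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST) return fd;
        (*collisions)++;  /* name already taken: pick another instead of failing */
    }
    return -1;  /* errno is still EEXIST */
}

int main(void) {
    char a[] = "/tmp/demo_XXXXXX", b[] = "/tmp/demo_XXXXXX";
    int n, fa = open_temp(a, scripted_bytes, &n), fb = open_temp(b, scripted_bytes, &n);
    printf("%s then %s after %d collision(s)\n", a, b, n);
    close(fa); close(fb); unlink(a); unlink(b);
    return 0;
}
```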