From owner-freebsd-current  Sat Jun 10 19:23: 4 2000
Delivered-To: freebsd-current@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 542)
	id AED6437BE9C; Sat, 10 Jun 2000 19:22:59 -0700 (PDT)
Date: Sat, 10 Jun 2000 19:22:59 -0700
From: "Andrey A. Chernov" <ache@freebsd.org>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: "Jeroen C. van Gelderen" <jeroen@vangelderen.org>,
	Mark Murray <mark@grondar.za>, current@FreeBSD.ORG
Subject: Re: mktemp() patch
Message-ID: <20000610192259.A99504@freebsd.org>
References: <20000609234634.A50676@freebsd.org> <Pine.BSF.4.21.0006101424020.56482-100000@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <Pine.BSF.4.21.0006101424020.56482-100000@freefall.freebsd.org>; from kris@FreeBSD.org on Sat, Jun 10, 2000 at 02:31:23PM -0700
Organization: Biomechanoid
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Jun 10, 2000 at 02:31:23PM -0700, Kris Kennaway wrote:
> between two programs who mktemp() and come up with the same random
> filename, which is a theoretical security risk (at present only something
> with the same PID can come up with a colliding tempfile name) but the
> probability is altogether pretty small. I'll do some calculations to
> estimate the exact level of risk here.

Please note that you turn never probavility into small one, and it is 
degradation. "never" is not completely never, of course, but if temp file stays 
until pids wrapped.

-- 
Andrey A. Chernov
<ache@nagual.pp.ru>
http://ache.pp.ru/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message