Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 23 Nov 2000 18:02:46 +0200
From:      Sheldon Hearn <sheldonh@uunet.co.za>
To:        audit@freebsd.org
Subject:   makedevops.pl and makeobjops.pl tmpfiles
Message-ID:  <14242.974995366@axl.fw.uunet.co.za>
next in thread | raw e-mail | index | archive | help 

Hi folks,

It seems to me that, unless we import the File::Temp perl5 module into
the base system (as NetBSD have done), we should use something like the
following patch to makeobjops.pl and makedevops.pl, less they be abused.

The perl5.6.0's srand() subroutine seeds the PRNG from /dev/urandom,
so we don't have to worry too much about a guessable seed.  In fact,
the call to srand() shouldn't be required at all, since perl5.6.0
automatically calls srand() if it has not yet been called by the time
rand() is first called.

Ciao,
Sheldon.

Index: makedevops.pl
===================================================================
RCS file: /home/ncvs/src/sys/kern/makedevops.pl,v
retrieving revision 1.13
diff -u -d -r1.13 makedevops.pl
--- makedevops.pl	2000/10/15 15:19:35	1.13
+++ makedevops.pl	2000/11/23 15:57:48
@@ -117,10 +117,12 @@
 $tmpdir = '.'                       # give up and use current dir
    if !$tmpdir;
 
+srand;
+
 foreach $src ( @filenames ) {
    # Names of the created files
-   $ctmpname = "$tmpdir/ctmp.$$";
-   $htmpname = "$tmpdir/htmp.$$";
+   $ctmpname = "$tmpdir/ctmp." . rand(9999);
+   $htmpname = "$tmpdir/htmp." . rand(9999);
 
    ($name, $path, $suffix) = &fileparse($src, '.m');
    $path = '.'
Index: makeobjops.pl
===================================================================
RCS file: /home/ncvs/src/sys/kern/makeobjops.pl,v
retrieving revision 1.1
diff -u -d -r1.1 makeobjops.pl
--- makeobjops.pl	2000/04/08 14:17:10	1.1
+++ makeobjops.pl	2000/11/23 15:58:36
@@ -118,10 +118,12 @@
 $tmpdir = '.'                       # give up and use current dir
    if !$tmpdir;
 
+srand;
+
 foreach $src ( @filenames ) {
    # Names of the created files
-   $ctmpname = "$tmpdir/ctmp.$$";
-   $htmpname = "$tmpdir/htmp.$$";
+   $ctmpname = "$tmpdir/ctmp." . rand(9999);
+   $htmpname = "$tmpdir/htmp." . rand(9999);
 
    ($name, $path, $suffix) = &fileparse($src, '.m');
    $path = '.'


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14242.974995366>