Date: Mon, 17 Jan 2000 13:12:16 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: Dan Moschuk <dan@FreeBSD.ORG> Cc: Peter Jeremy <peter.jeremy@alcatel.com.au>, audit@FreeBSD.ORG Subject: Re: libc patch to warn about tempfiles Message-ID: <Pine.BSF.4.21.0001171307420.27848-100000@hub.freebsd.org> In-Reply-To: <20000117160427.E1156@spirit.jaded.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 Jan 2000, Dan Moschuk wrote: > | encoding the PID in base-62 or more, rather than base 10) would be > | a better solution. This way you don't need to change the functions > | using mktemp() et al. > > Why not have it use arc4random()? It does. I think your question was actually "Why does it use the PID?" The obvious answer is for collision avoidance: it guarantees that no other process will use the same tempfile name for the life of the process. OTOH, if we were to use a purely random field of 36 bits then we'd have a 1 in 6.8e10 chance of collision, which isn't very strong. Increasing the length of the field would lower the probabilities exponentially, but then there's no advantage to just lengthening the field right now. Kris ---- "How many roads must a man walk down, before you call him a man?" "Eight!" "That was a rhetorical question!" "Oh..then, seven!" -- Homer Simpson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001171307420.27848-100000>