Re: [PATCH 2/2] posix: Improve randomness on try_tempname_len

[Paul Eggert <eggert@cs.ucla.edu>]

[-- Attachment #1: Type: text/plain, Size: 798 bytes --]

On 1/4/21 9:03 AM, Adhemerval Zanella wrote:
> For __GT_NOCREATE (mktemp, tempnam, tmpnam) getrandom is also used
> on first try, otherwise randomness is obtained using the clock plus
> a linear congruential generator.

Why not use getrandom in the first try also for __GT_DIR (mkdtemp) and 
__GT_FILE (mkostemp, mkostemps, mkstemp, mkstemps, tmpfile)? That is 
what Gnulib tempname.c is doing now. This not only simplifies the code, 
it improves resistance to some (admittedly less-likely) attacks.

> Also for getrandom GRND_NONBLOCK is used to avoid blocking indefinitely
> on some older kernels.

Thanks, I installed that part of the proposal into Gnulib by installing 
the attached. The idea is for tempname.c to be identical after we get 
the abovementioned issue worked out.

[-- Attachment #2: 0001-tempname-don-t-block-for-minutes.patch --]
[-- Type: text/x-patch, Size: 1899 bytes --]

From b0ebaf83a49fe4a895a78ddf5b0c4a029e34c566 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 8 Jan 2021 17:54:30 -0800
Subject: [PATCH] =?UTF-8?q?tempname:=20don=E2=80=99t=20block=20for=20minut?=
 =?UTF-8?q?es?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Derived from a patch proposed by Adhemerval Zanella in:
https://sourceware.org/pipermail/libc-alpha/2021-January/121302.html
* lib/tempname.c (random_bits): Use GRND_NONBLOCK.
---
 ChangeLog      | 5 +++++
 lib/tempname.c | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 812888f8e..b76330e5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2021-01-08  Paul Eggert  <eggert@cs.ucla.edu>
 
+	tempname: don’t block for minutes
+	Derived from a patch proposed by Adhemerval Zanella in:
+	https://sourceware.org/pipermail/libc-alpha/2021-January/121302.html
+	* lib/tempname.c (random_bits): Use GRND_NONBLOCK.
+
 	tempname: sync with proposed glibc patch
 	This is from Adhemerval Zanella in:
 	https://sourceware.org/pipermail/libc-alpha/2021-January/121301.html
diff --git a/lib/tempname.c b/lib/tempname.c
index f196b9862..f199b25a7 100644
--- a/lib/tempname.c
+++ b/lib/tempname.c
@@ -80,10 +80,11 @@ static random_value
 random_bits (random_value var)
 {
   random_value r;
-  if (__getrandom (&r, sizeof r, 0) == sizeof r)
+  /* Without GRND_NONBLOCK it can be blocked for minutes on some systems.  */
+  if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
     return r;
 #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
-  /* Add entropy if getrandom is not supported.  */
+  /* Add entropy if getrandom did not work.  */
   struct __timespec64 tv;
   __clock_gettime64 (CLOCK_MONOTONIC, &tv);
   var ^= tv.tv_nsec;
-- 
2.27.0