From: Paul Eggert <eggert@cs.ucla.edu>
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: bug-gnulib@gnu.org, libc-alpha@sourceware.org
Subject: Re: [PATCH 2/2] posix: Improve randomness on try_tempname_len
Date: Fri, 8 Jan 2021 18:20:31 -0800 [thread overview]
Message-ID: <c5a34863-2a7f-740d-1ac8-cafc4207ef76@cs.ucla.edu> (raw)
In-Reply-To: <20210104170349.3681241-2-adhemerval.zanella@linaro.org>
[-- Attachment #1: Type: text/plain, Size: 798 bytes --]
On 1/4/21 9:03 AM, Adhemerval Zanella wrote:
> For __GT_NOCREATE (mktemp, tempnam, tmpnam) getrandom is also used
> on first try, otherwise randomness is obtained using the clock plus
> a linear congruential generator.
Why not use getrandom in the first try also for __GT_DIR (mkdtemp) and
__GT_FILE (mkostemp, mkostemps, mkstemp, mkstemps, tmpfile)? That is
what Gnulib tempname.c is doing now. This not only simplifies the code,
it improves resistance to some (admittedly less-likely) attacks.
> Also for getrandom GRND_NONBLOCK is used to avoid blocking indefinitely
> on some older kernels.
Thanks, I installed that part of the proposal into Gnulib by installing
the attached. The idea is for tempname.c to be identical after we get
the abovementioned issue worked out.
[-- Attachment #2: 0001-tempname-don-t-block-for-minutes.patch --]
[-- Type: text/x-patch, Size: 1899 bytes --]
From b0ebaf83a49fe4a895a78ddf5b0c4a029e34c566 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 8 Jan 2021 17:54:30 -0800
Subject: [PATCH] =?UTF-8?q?tempname:=20don=E2=80=99t=20block=20for=20minut?=
=?UTF-8?q?es?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Derived from a patch proposed by Adhemerval Zanella in:
https://sourceware.org/pipermail/libc-alpha/2021-January/121302.html
* lib/tempname.c (random_bits): Use GRND_NONBLOCK.
---
ChangeLog | 5 +++++
lib/tempname.c | 5 +++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 812888f8e..b76330e5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
2021-01-08 Paul Eggert <eggert@cs.ucla.edu>
+ tempname: don’t block for minutes
+ Derived from a patch proposed by Adhemerval Zanella in:
+ https://sourceware.org/pipermail/libc-alpha/2021-January/121302.html
+ * lib/tempname.c (random_bits): Use GRND_NONBLOCK.
+
tempname: sync with proposed glibc patch
This is from Adhemerval Zanella in:
https://sourceware.org/pipermail/libc-alpha/2021-January/121301.html
diff --git a/lib/tempname.c b/lib/tempname.c
index f196b9862..f199b25a7 100644
--- a/lib/tempname.c
+++ b/lib/tempname.c
@@ -80,10 +80,11 @@ static random_value
random_bits (random_value var)
{
random_value r;
- if (__getrandom (&r, sizeof r, 0) == sizeof r)
+ /* Without GRND_NONBLOCK it can be blocked for minutes on some systems. */
+ if (__getrandom (&r, sizeof r, GRND_NONBLOCK) == sizeof r)
return r;
#if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
- /* Add entropy if getrandom is not supported. */
+ /* Add entropy if getrandom did not work. */
struct __timespec64 tv;
__clock_gettime64 (CLOCK_MONOTONIC, &tv);
var ^= tv.tv_nsec;
--
2.27.0
next prev parent reply other threads:[~2021-01-09 2:20 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-04 17:03 [PATCH 1/2] posix: Sync tempname with gnulib [BZ #26648] Adhemerval Zanella
2021-01-04 17:03 ` [PATCH 2/2] posix: Improve randomness on try_tempname_len Adhemerval Zanella
2021-01-09 2:20 ` Paul Eggert [this message]
2021-01-11 12:29 ` Adhemerval Zanella
2021-01-12 1:06 ` Paul Eggert
2021-01-09 1:58 ` [PATCH 1/2] posix: Sync tempname with gnulib [BZ #26648] Paul Eggert
2021-01-11 12:30 ` Adhemerval Zanella
-- strict thread matches above, loose matches on Subject: below --
2020-09-29 12:55 Adhemerval Zanella
2020-09-29 12:55 ` [PATCH 2/2] posix: Improve randomness on try_tempname_len Adhemerval Zanella
2020-10-26 19:46 ` Adhemerval Zanella
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c5a34863-2a7f-740d-1ac8-cafc4207ef76@cs.ucla.edu \
--to=eggert@cs.ucla.edu \
--cc=adhemerval.zanella@linaro.org \
--cc=bug-gnulib@gnu.org \
--cc=libc-alpha@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).