Michael Meeks wrote:
Hi there,
I saw your UUID change (which happened recently). It seems UUIDs are
now just output from the rtl random number generator, and I wonder: what
are UUIDs used for ? and - is it the case that this means we only seed
the pool with PID & gettimeofday ?
Yes, it appears that rtl/random.h currently internally only seeds with
that data. Matthias probably can give more insight if necessary.
Are UUIDs used in any security sensitive areas (magic object keys?) ?
how many are typically generated ? are they exchanged over the network ?
do they show up in the file format ever ?
UUIDs are used extensively for UNO's
com.sun.star.lang.XTypeProvider.getImplementationId and
com.sun.star.lang.XUnoTunnel. Those UUIDs are indeed created galore and
can also be passed across networks via URP. (By the way, both uses are
dubious: getImplemenationId is an alleged optimization that is probably
not needed, and XUnoTunnel is both bad to use and could easily use
something like rtl_getGlobalProcessId + getImplementationName for
uniqueness.)
Then, rtl_createUuid is used within rtl_getGlobalProcessId, which itself
is used in ~25 files (OLE, applets, UNO object ids), and in
pyuno/source/module/pyuno_module.cxx, which is also related to UNO.
Apart from that, rtl_createUuid is only used in
sc/source/filter/xcl97/XclExpChangeTrack.cxx, where it is obviously used
in some file format filter, and in
xmlsecurity/source/helper/xsecsign.cxx, where it probably is also used
in combination with files, namely file signing.
I notice too that sb68 got nominated with this:
+ if (pool == NULL) {
+ abort(); //TODO
+ }
+ }
+ if (rtl_random_getBytes(pool, pTargetUUID, 16) != rtl_Random_E_None) {
+ abort(); //TODO
This seems to be the only method in rtl/ that signals a failure mode by
the use of 'abort()' is that deliberate ? /me has had several unpleasant
debugging experiences with vcl's _exit(123); type thing on XError
recently FWIW.
The abort is deliberate, see
<http://www.openoffice.org/issues/show_bug.cgi?id=73782> (thanks for
pointing out that the code is not clear there). What problems exactly
did you have with _exit?
-Stephan
Thanks,
Michael.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
