* Mark Wielaard: > Hi Aaron, > > On Wed, 2026-06-03 at 17:12 -0400, Aaron Merey wrote: >> On Tue, Jun 2, 2026 at 6:47 AM Mark Wielaard <[email protected]> wrote: >> > +static inline int >> > +xmkstempat (int dirfd, char *templ) >> > +{ >> > + /* Only use these 64 chars. */ >> > + const char chars[] = >> > + "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-_"; >> > + >> > + /* Must end in 6X. */ >> > + size_t l = strlen (templ); >> > + if (l < 6 || memcmp (templ + l - 6, "XXXXXX", 6) != 0) >> > + { >> > + errno = EINVAL; >> > + return -1; >> > + } >> > + >> > + int tries = 128; /* Just fail with EEXIST if 128 tries wasn't enough. >> > */ >> > + do >> > + { >> > + uint64_t r; /* We need at least 64^6 == 2^36 */ >> > + if (TEMP_FAILURE_RETRY (getrandom (&r, sizeof (r), 0)) != sizeof >> > (r)) >> >> getrandom was introduced in glibc 2.25 (Feb 2017) so it's probably safer if >> we add a configure check for getrandom or <sys/random.h>. There's one >> already >> for reallocarray (glibc 2.26) plus fallbacks if it's missing. > > I would hope 9 years is old enough. But yeah. I'll add a "fallback > getrandom" for systems that don't have it. Meh.
It can also be blocked by a seccomp filter in a container. Thanks, Florian
