On 2013-04-23 14:13:37 -0500, Derek Martin wrote: > On Tue, Apr 23, 2013 at 01:28:34PM -0500, Derek Martin wrote: > > This is an annoyingly hard problem. > > Incidentally, once you have identified a good source of random data, > the problem becomes easier.
If the goal is to create a temporary file to view an attachment, the contents of the attachment (and/or the mail itself) can be used as a source of random data. I suppose that the attacker isn't the one who sent the mail in question and the mailbox isn't public. More generally, if a mailbox is open and non-empty, this is a source of random data too... -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <http://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
