Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Dirk Wetter
Package: mktemp Version: 1.5-2 Severity: grave Tags: security There's a problem with the randomness of mktemp. The string includes a number which includes somewhat the current process ID (based on the current PID). Worse: Subsequent calls just seem to increase the number by one: [EMAIL

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Nico Golde
severity critical thanks Hi Dirk, * Dirk Wetter [EMAIL PROTECTED] [2008-08-15 11:57]: There's a problem with the randomness of mktemp. The string includes a number which includes somewhat the current process ID (based on the current PID). Worse: Subsequent calls just seem to increase the

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Clint Adams
Possible solutions: 1) change the algorithm 2) use libc mkstemp (will break templates shorter than 6 characters) 3) ship mktemp from sarge (will break templates shorter than 6 characters) 4) ship coreutils mktemp (will break templates shorter than 3 characters)

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Sven Joachim
I raised the severity to critical as a lot of shell scripts in Debian rely on this data being random. Why is that important? The purpose of mktemp is to return a unique filename and to actually create the file. Can you describe an attack based on the non-randomness of the filename? Sven

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Dirk Wetter
On 15.08.2008 14:02, Clint Adams wrote: Possible solutions: 1) change the algorithm 2) use libc mkstemp (will break templates shorter than 6 characters) 3) ship mktemp from sarge (will break templates shorter than 6 characters) 4) ship coreutils mktemp (will break templates shorter than 3

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Andreas Metzler
On 2008-08-15 Clint Adams [EMAIL PROTECTED] wrote: Possible solutions: 1) change the algorithm 2) use libc mkstemp (will break templates shorter than 6 characters) 3) ship mktemp from sarge (will break templates shorter than 6 characters) 4) ship coreutils mktemp (will break templates

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Dirk Wetter
On 15.08.2008 14:42, Andreas Metzler wrote: On 2008-08-15 Clint Adams [EMAIL PROTECTED] wrote: is there actually a reason for using the PID and for limiting the non-pid part to [[A-Za-z]? Why not bugs included- --- mktemp-1.5.orig/priv_mktemp.c +++ mktemp-1.5/priv_mktemp.c @@

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Nico Golde
Hi Sven, * Sven Joachim [EMAIL PROTECTED] [2008-08-15 15:40]: I raised the severity to critical as a lot of shell scripts in Debian rely on this data being random. Why is that important? The purpose of mktemp is to return a unique filename and to actually create the file. Can you

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Sven Joachim
On 2008-08-15 14:42 +0200, Andreas Metzler wrote: is there actually a reason for using the PID and for limiting the non-pid part to [[A-Za-z]? Why not bugs included- --- mktemp-1.5.orig/priv_mktemp.c +++ mktemp-1.5/priv_mktemp.c @@ -81,25 +81,20 @@ register char *start,

Bug#495193: Etch's and Lenny's mktemp seriously broken

2008-08-15 Thread Andreas Metzler
On 2008-08-15 Sven Joachim [EMAIL PROTECTED] wrote: On 2008-08-15 14:42 +0200, Andreas Metzler wrote: is there actually a reason for using the PID and for limiting the non-pid part to [[A-Za-z]? [...] - char *alphabet = ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz; + char