On Mon, 19 Jun 2006 10:30:02 BST, Tim Waugh said: > Doesn't seem to require a cryptographically random number here. In > fact, I'm not even sure it needs to be a freshly-random number each > time; perhaps '1' is sufficient. It's just for a transaction ID which > is never checked as far as I can tell. > > Should I patch hplip to use '1' here instead of random.randint() do you > think? If it's used, you should use at least a semi-random number to prevent replay attacks. If it's not used, it should be gutted entirely. Just setting it to 1 and praying is the wrong way to approach it in either case....
Attachment:
pgp7vnN0bAAB2.pgp
Description: PGP signature
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
