On Tue, Nov 16, 2021 at 07:36:51PM -0800, Carlo Arenas wrote:

> > > for the little amount of random data we need, it might be wiser to
> > > fall back to something POSIX like lrand48 which is most likely to be
> > > available, but of course your tests that consume lots of random data
> > > will need to change.
> >
> > Unfortunately that won't help. You have to seed lrand48 with something,
> > which usually means pid and/or timestamp. Which are predictable to an
> > attacker, which was the start of the whole conversation. You really need
> > _some_ source of entropy, and only the OS can provide that.
>
> again, showing my ignorance here; but that "something" doesn't need to
> be guessable externally; ex: git add could use as seed contents from
> the file that it is adding, or even better mix it up with the other
> sources as a poor man's /dev/urandom

Those contents are still predictable. So you've made the attacker's job a
little harder (now they have to block tempfiles for, say, each tag you're
going to verify), but haven't changed the fundamental problem.

It definitely would help in _some_ threat models, but I think we should
strive for a solution that can be explained clearly as "nobody can DoS
your tempfiles" without complicated qualifications.

-Peff
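An added example, not code from this thread or from git itself, contrasting the two approaches discussed above: a tempfile suffix generated from an lrand48 stream seeded with (pid, time) is a pure function of those two values and can be regenerated by anyone who knows them, while a suffix drawn from the OS entropy pool cannot. Function names are this example's own, and /dev/urandom is assumed as the OS source.

```c
/* Added example, not git's code: a tempfile suffix from an lrand48 stream
 * seeded with (pid, time) versus one drawn from OS entropy (/dev/urandom). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SUFFIX_LEN 8
static const char alphabet[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

/* Weak: the suffix depends only on (pid, now), both observable or guessable. */
void weak_suffix(char *out, long pid, long now)
{
    srand48(pid ^ (now << 16));
    for (int i = 0; i < SUFFIX_LEN; i++)
        out[i] = alphabet[lrand48() % (sizeof alphabet - 1)];
    out[SUFFIX_LEN] = '\0';
}

/* Strong: every character comes from the kernel pool. Returns 0 on success. */
int os_suffix(char *out)
{
    unsigned char raw[SUFFIX_LEN];
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got = f ? fread(raw, 1, sizeof raw, f) : 0;
    if (f) fclose(f);
    if (got != sizeof raw) return -1;   /* no usable OS entropy: refuse */
    for (int i = 0; i < SUFFIX_LEN; i++)
        out[i] = alphabet[raw[i] % (sizeof alphabet - 1)];
    out[SUFFIX_LEN] = '\0';
    return 0;
}

/* 1 if a second party knowing only (pid, now) reproduces the weak suffix. */
int weak_is_reproducible(long pid, long now)
{
    char a[SUFFIX_LEN + 1], b[SUFFIX_LEN + 1];
    weak_suffix(a, pid, now);   /* the process creating the tempfile */
    weak_suffix(b, pid, now);   /* anyone else with the same two values */
    return strcmp(a, b) == 0;
}

/* 1 if two OS-entropy suffixes are drawn successfully and differ. */
int os_suffixes_differ(void)
{
    char a[SUFFIX_LEN + 1], b[SUFFIX_LEN + 1];
    if (os_suffix(a) != 0 || os_suffix(b) != 0)
        return 0;
    return strcmp(a, b) != 0;
}
```

The modulo step in both functions slightly biases the character distribution, which is harmless for a file name but would not be acceptable for key material.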