On 04.02.22 at 01:27, Junio C Hamano wrote:
> "brian m. carlson" <sandals@xxxxxxxxxxxxxxxxxxxx> writes:
>
>>> * bc/csprng-mktemps (2022-01-17) 2 commits
>>>  - wrapper: use a CSPRNG to generate random file names
>>>  - wrapper: add a helper to generate numbers from a CSPRNG
>>>
>>>  Pick a better random number generator and use it when we prepare
>>>  temporary filenames.
>>>
>>>  Are we solving the right problem?
>>>  cf. <220118.86zgntpegy.gmgdl@xxxxxxxxxxxxxxxxxxx>
>>>  source: <20220117215617.843190-1-sandals@xxxxxxxxxxxxxxxxxxxx>
>>
>> It sounds like folks would prefer we drop this series.  I'm not planning
>> to send an alternate approach here.
>
> I personally am OK with these two patches, by the way.  There was an
> interesting thought experiment to see if we can only rely on
> mkstemp() and mkdtemp() that we assume are already secure enough,
> but swapping the not-particularly-good linear congruential generator
> used in git_mkstemps_mode() with a better algorithm that is
> externally supported, making the security issue somebody else's
> problem, is a good incremental improvement, I would think.

We can use mkdtemp(3) in diff.c to get rid of the prefix currently added
to temporary filenames, but using mkstemp(3) to create files with custom
permissions with proper umask(2) handling is painful. Replacing the RNG
in git_mkstemps_mode(), as this series does, is simpler overall.

> Unless I hear differently from others, I am planning to mark the
> topic for 'next' in my draft of the "What's cooking" report.

Great!

René
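
The approach discussed in this message, sketched as an added example that is not part of the original mail and is not Git's code: a temporary-file helper that takes its random characters from a CSPRNG and passes the caller's mode to an exclusive open(2), so the umask is applied in the normal way. The names `csprng_bytes` and `demo_mkstemp_mode`, the use of /dev/urandom as the CSPRNG source, and the retry limit of 100 are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Fill buf from the kernel CSPRNG (assumed here: /dev/urandom); 0 on success. */
static int csprng_bytes(void *buf, size_t len)
{
	unsigned char *p = buf;
	int fd = open("/dev/urandom", O_RDONLY);
	if (fd < 0)
		return -1;
	while (len) {
		ssize_t n = read(fd, p, len);
		if (n < 0 && errno == EINTR)
			continue;
		if (n <= 0)
			break;
		p += n;
		len -= (size_t)n;
	}
	close(fd);
	return len ? -1 : 0;
}

/* Hypothetical helper: randomize the trailing "XXXXXX", create exclusively with mode. */
int demo_mkstemp_mode(char *tmpl, mode_t mode)
{
	static const char letters[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
	size_t len = strlen(tmpl);
	int tries, i, fd;
	if (len < 6 || strcmp(tmpl + len - 6, "XXXXXX")) {
		errno = EINVAL;
		return -1;
	}
	for (tries = 0; tries < 100; tries++) {
		uint64_t v;
		if (csprng_bytes(&v, sizeof(v)))
			return -1;
		/* 64 random bits yield six base-62 digits with negligible modulo bias */
		for (i = 0; i < 6; i++, v /= 62)
			tmpl[len - 6 + i] = letters[v % 62];
		/* O_EXCL makes creation fail if the name exists, so a guessed name cannot be pre-planted */
		fd = open(tmpl, O_CREAT | O_EXCL | O_RDWR, mode);
		if (fd >= 0 || errno != EEXIST)
			return fd;
	}
	return -1; /* every attempt collided; errno is still EEXIST */
}
```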