GNU bug report logs - #6683
mktemp foo.XXXXXXXXXXX is not sufficiently random

Previous Next

Package: coreutils;

Reported by: Paul Eggert <eggert <at> CS.UCLA.EDU>

Date: Tue, 20 Jul 2010 17:22:02 UTC

Severity: normal

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Paul Eggert <eggert <at> CS.UCLA.EDU>
To: Eric Blake <eblake <at> redhat.com>
Cc: 6683 <at> debbugs.gnu.org
Subject: bug#6683: mktemp foo.XXXXXXXXXXX is not sufficiently random
Date: Tue, 20 Jul 2010 11:10:30 -0700

On 07/20/10 10:41, Eric Blake wrote:
> Meanwhile, glibc's mkstemp() only replaces the last 6 X, regardless of
> how many additional X are present in the template.  Do we even need the
> extra randomness if the template contains more X?

Well, I did say that it was a _theoretical_ bug.  You need the extra
randomness if you run mktemp about 18e18 times (or more, of course).

Limiting it to the randomness needed for 6 Xs would give about 57 million
possibilities, which is fine for most applications, but the arbitrary limit
does rankle a bit given that one of GNU's tenets is no arbitrary limits.
The current coreutils code limits it to the randomness needed for about 10.7 Xs,
but that also is arbitrary, and it's easy to remove the arbitrary limit.
This bug report was last modified 13 years and 292 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.