Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 236338 - sys-apps/mktemp-1.5 generated string partly not random
Summary: sys-apps/mktemp-1.5 generated string partly not random
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://bugs.debian.org/495193
Whiteboard: B3?
Keywords:
Depends on:
Blocks:
 
Reported: 2008-09-01 09:53 UTC by Ulrich Müller
Modified: 2011-01-18 11:27 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Ulrich Müller gentoo-dev 2008-09-01 09:53:54 UTC 
This was reported by Dirk Wetter on the Debian bug tracker (see URL):
"There's a problem with the randomness of mktemp. The string includes a number which includes somewhat the current process ID (based on the current PID)."

AFAICS, mktemp from coreutils is not affected.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-09-01 10:22:50 UTC 
This is an error in (non-coreutils) mktemp's own filename generator. However, we use "econf --with-libc", which makes mktemp just a wrapper around glibc's mkstemp() function. So this does not affect us.