Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 57779 Details for
Bug 88831
dev-db/phpmyadmin installs template SQL insecurely.
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
fn_get_random_string() pseudo-random string generation
random-string-gen.patch (text/plain), 2.75 KB, created by
Lorenzo Hernández García-Hierro
on 2005-05-01 16:13:15 UTC
(
hide
)
Description:
fn_get_random_string() pseudo-random string generation
Filename:
MIME Type:
Creator:
Lorenzo Hernández García-Hierro
Created:
2005-05-01 16:13:15 UTC
Size:
2.75 KB
patch
obsolete
> >This patch adds support for generation of pseudo-random string (33 bytes) >using a simplistic seeding "algorithm" that uses the /dev/urandom pseudo-random >numbers generator device to gather entropy, and MD5 to calculate pseudo-random >sums to be used for calculating the final MD5 sum, that is, the pseudo-random >string to be used finally (ie. for generating a random password value to be used >in automatically-created configuration or installation files). > >Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> >--- > > sbin/webapp-config | 31 +++++++++++++++++++++++++++++++ > 1 files changed, 31 insertions(+) > >diff -puN sbin/webapp-config~random-string-gen sbin/webapp-config >--- webapp-config-1.10-r11/sbin/webapp-config~random-string-gen 2005-05-01 23:42:55.660296760 +0200 >+++ webapp-config-1.10-r11-lorenzo/sbin/webapp-config 2005-05-02 00:40:58.528820264 +0200 >@@ -124,6 +124,7 @@ G_F_CHECK_CONFIG=0 > G_F_SECURE=0 > G_F_SOFT=0 > G_F_LEFTBEHIND=0 >+G_F_RANDSTR=0 > > # changing these variables changes the behaviour of this script > # you have been warned!! >@@ -2104,6 +2105,9 @@ fn_parseparams () > G_NEEDSERVER=1 > G_F_UPGRADE=1 > ;; >+ --randstr) >+ G_F_RANDSTR="1" >+ ;; > -d|--dir) > G_INSTALLDIR="$2" > G_ORIG_INSTALLDIR="$2" >@@ -3018,6 +3022,29 @@ EOF > } > > # ------------------------------------------------------------------------ >+# fn_get_random_string() >+# >+# Generates a random string (33 bytes) using a simplistic seeding "algorithm" >+# that uses the /dev/urandom pseudo-random numbers generator device to gather >+# entropy, and MD5 to calculate pseudo-random sums to be used for calculating >+# the final MD5 sum, that is, the pseudo-random string to be used finally (ie. >+# for generating a random password value to be used in automatically-created >+# configuration or installation files). >+# >+# No parameters >+ >+fn_get_random_string() >+{ >+SEED1=$(head -1 /dev/urandom -c 1000 | od -N 1000 | md5sum | sed -e 's/ -//' | sed -e 's/ //') >+SEED2=$(head -1 /dev/urandom -c 10 | od -N 1000 | md5sum | sed -e 's/ -//' | sed -e 's/ //') >+SEED3=$(head -1 /dev/urandom -c 1000 | od -N 1000 | md5sum | sed -e 's/ -//' | sed -e 's/ //') >+SEED4=$(head -1 /dev/urandom -c 50 | od -N 1000 | md5sum | sed -e 's/ -//' | sed -e 's/ //') >+SEED5=$(head -1 /dev/urandom -c 1000 | od -N 1000 | md5sum | sed -e 's/ -//' | sed -e 's/ //') >+RNDSTR="$SEED1$SEED2$SEED3$SEED4$SEED5" >+RNDSTR=$(echo $RNDSTR | md5sum | sed -e 's/ -//' | sed -e 's/ //') >+} >+ >+# ------------------------------------------------------------------------ > # main() - it all happens here > # > # Inputs: >@@ -3036,6 +3063,10 @@ main () > fn_verifyparams > fi > >+ if [ "${G_F_RANDSTR}" = 1 ] ; then >+ fn_get_random_string >+ fi >+ > # the actual functions to do the work are stored in > # seperate scripts > # >_
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 88831
: 57779