This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[Bug libc/15813] Multiple issues in __gen_tempname

From: "bugdal at aerifal dot cx" <sourceware-bugzilla at sourceware dot org>
To: glibc-bugs at sourceware dot org
Date: Fri, 11 Oct 2013 21:29:27 +0000
Subject: [Bug libc/15813] Multiple issues in __gen_tempname
Auto-submitted: auto-generated
References: <bug-15813-131 at http dot sourceware dot org/bugzilla/>

https://sourceware.org/bugzilla/show_bug.cgi?id=15813

--- Comment #2 from Rich Felker <bugdal at aerifal dot cx> ---
Issue 1, the undefined behavior, is the most serious. All cases of UB should be
fixed; this should simply be a set-in-stone policy.

Issue 2 is low-priority, but switching to a higher-quality entropy source would
be the easiest way to solve issue 3 and would improve the quality of the
simplest solution to issue 1 (removing the static state).

Issue 3 is possibly an attack vector, but fairly low priority (DoS only).

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]