From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=3.0 tests=AWL,BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_PASS,
	SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by dcvr.yhbt.net (Postfix) with ESMTPS id 71CAA1F4B4
	for <normalperson@yhbt.net>; Sat,  9 Jan 2021 02:20:56 +0000 (UTC)
Received: from localhost ([::1]:41470 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>)
	id 1ky3s7-0008Ke-6y
	for normalperson@yhbt.net; Fri, 08 Jan 2021 21:20:55 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:56628)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eggert@cs.ucla.edu>)
 id 1ky3rr-0008KF-2e
 for bug-gnulib@gnu.org; Fri, 08 Jan 2021 21:20:40 -0500
Received: from zimbra.cs.ucla.edu ([131.179.128.68]:56922)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <eggert@cs.ucla.edu>)
 id 1ky3rn-0006uE-9x
 for bug-gnulib@gnu.org; Fri, 08 Jan 2021 21:20:38 -0500
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id C4E991600CD;
 Fri,  8 Jan 2021 18:20:32 -0800 (PST)
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
 with ESMTP id YiKZEAgCYZGz; Fri,  8 Jan 2021 18:20:31 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
 by zimbra.cs.ucla.edu (Postfix) with ESMTP id BA38B1600F1;
 Fri,  8 Jan 2021 18:20:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Received: from zimbra.cs.ucla.edu ([127.0.0.1])
 by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id 9-hc8nWPrZ0B; Fri,  8 Jan 2021 18:20:31 -0800 (PST)
Received: from [192.168.1.9] (cpe-23-243-218-95.socal.res.rr.com
 [23.243.218.95])
 by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 890041600CD;
 Fri,  8 Jan 2021 18:20:31 -0800 (PST)
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
References: <20210104170349.3681241-1-adhemerval.zanella@linaro.org>
 <20210104170349.3681241-2-adhemerval.zanella@linaro.org>
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
Subject: Re: [PATCH 2/2] posix: Improve randomness on try_tempname_len
Message-ID: <c5a34863-2a7f-740d-1ac8-cafc4207ef76@cs.ucla.edu>
Date: Fri, 8 Jan 2021 18:20:31 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101
 Thunderbird/78.5.0
MIME-Version: 1.0
In-Reply-To: <20210104170349.3681241-2-adhemerval.zanella@linaro.org>
Content-Type: multipart/mixed; boundary="------------706EBA036C4C25124C68BC3F"
Content-Language: en-US
Received-SPF: pass client-ip=131.179.128.68; envelope-from=eggert@cs.ucla.edu;
 helo=zimbra.cs.ucla.edu
X-Spam_score_int: -43
X-Spam_score: -4.4
X-Spam_bar: ----
X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, NICE_REPLY_A=-0.241,
 RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: bug-gnulib@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Gnulib discussion list <bug-gnulib.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnulib>
List-Post: <mailto:bug-gnulib@gnu.org>
List-Help: <mailto:bug-gnulib-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnulib>,
 <mailto:bug-gnulib-request@gnu.org?subject=subscribe>
Cc: libc-alpha@sourceware.org, bug-gnulib@gnu.org
Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org
Sender: "bug-gnulib" <bug-gnulib-bounces+normalperson=yhbt.net@gnu.org>

This is a multi-part message in MIME format.
--------------706EBA036C4C25124C68BC3F
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

On 1/4/21 9:03 AM, Adhemerval Zanella wrote:
> For __GT_NOCREATE (mktemp, tempnam, tmpnam) getrandom is also used
> on first try, otherwise randomness is obtained using the clock plus
> a linear congruential generator.

Why not use getrandom in the first try also for __GT_DIR (mkdtemp) and=20
__GT_FILE (mkostemp, mkostemps, mkstemp, mkstemps, tmpfile)? That is=20
what Gnulib tempname.c is doing now. This not only simplifies the code,=20
it improves resistance to some (admittedly less-likely) attacks.

> Also for getrandom GRND_NONBLOCK is used to avoid blocking indefinitely
> on some older kernels.

Thanks, I installed that part of the proposal into Gnulib by installing=20
the attached. The idea is for tempname.c to be identical after we get=20
the abovementioned issue worked out.

--------------706EBA036C4C25124C68BC3F
Content-Type: text/x-patch; charset=UTF-8;
 name="0001-tempname-don-t-block-for-minutes.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0001-tempname-don-t-block-for-minutes.patch"

=46rom b0ebaf83a49fe4a895a78ddf5b0c4a029e34c566 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 8 Jan 2021 17:54:30 -0800
Subject: [PATCH] =3D?UTF-8?q?tempname:=3D20don=3DE2=3D80=3D99t=3D20block=3D=
20for=3D20minut?=3D
 =3D?UTF-8?q?es?=3D
MIME-Version: 1.0
Content-Type: text/plain; charset=3DUTF-8
Content-Transfer-Encoding: 8bit

Derived from a patch proposed by Adhemerval Zanella in:
https://sourceware.org/pipermail/libc-alpha/2021-January/121302.html
* lib/tempname.c (random_bits): Use GRND_NONBLOCK.
---
 ChangeLog      | 5 +++++
 lib/tempname.c | 5 +++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 812888f8e..b76330e5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
 2021-01-08  Paul Eggert  <eggert@cs.ucla.edu>
=20
+	tempname: don=E2=80=99t block for minutes
+	Derived from a patch proposed by Adhemerval Zanella in:
+	https://sourceware.org/pipermail/libc-alpha/2021-January/121302.html
+	* lib/tempname.c (random_bits): Use GRND_NONBLOCK.
+
 	tempname: sync with proposed glibc patch
 	This is from Adhemerval Zanella in:
 	https://sourceware.org/pipermail/libc-alpha/2021-January/121301.html
diff --git a/lib/tempname.c b/lib/tempname.c
index f196b9862..f199b25a7 100644
--- a/lib/tempname.c
+++ b/lib/tempname.c
@@ -80,10 +80,11 @@ static random_value
 random_bits (random_value var)
 {
   random_value r;
-  if (__getrandom (&r, sizeof r, 0) =3D=3D sizeof r)
+  /* Without GRND_NONBLOCK it can be blocked for minutes on some systems=
=2E  */
+  if (__getrandom (&r, sizeof r, GRND_NONBLOCK) =3D=3D sizeof r)
     return r;
 #if _LIBC || (defined CLOCK_MONOTONIC && HAVE_CLOCK_GETTIME)
-  /* Add entropy if getrandom is not supported.  */
+  /* Add entropy if getrandom did not work.  */
   struct __timespec64 tv;
   __clock_gettime64 (CLOCK_MONOTONIC, &tv);
   var ^=3D tv.tv_nsec;
--=20
2.27.0


--------------706EBA036C4C25124C68BC3F--