mktemp-generated filenames insufficiently random when too short
Bug #258172 reported by
Till Ulen
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| mktemp (Debian) |
Fix Released
|
Unknown
|
|||
| mktemp (Ubuntu) |
Fix Released
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: mktemp
mktemp produces filenames that are partly not random, possibly allowing to mount a local attack.
Please see the discussion in Debian bug http://
Revision history for this message
| Kees Cook (kees) wrote | #1 |
| Changed in mktemp: | |
| importance: | Undecided → Low |
| status: | New → Confirmed |
| Changed in mktemp: | |
| status: | Unknown → Fix Released |
Revision history for this message
| Jamie Strandboge (jdstrand) wrote | #2 |
| Changed in mktemp: | |
| status: | Confirmed → Fix Released |
To post a comment you must log in.
This is at most a DoS, as mktemp safely creates the random file for us. In the case that an attacker has filled the drive with all possible combinations, mktemp will just fail to create the file, and scripts using mktemp should equally fail. If there are scripts that don't gracefully handle mktemp failing, bugs should be opened for those packages separately.