On Wed, Mar 20, 2019 at 12:45:40PM +0100, Victor Stinner wrote: > Hi, > > I'm not really convinced that mktemp() should be made "more secure". > To be clear: mktemp() is vulnerable by design. It's not a matter of > entropy. You can watch the /tmp directory using inotify and "discover" > immediately the "secret" filename, it doesn't depend on the amount of > entropy used to generate the filename. A function is either unsafe or > secure. Security is not a binary state, it is never either-or "unsafe" or "secure". Secure against what attacks? Unsafe under what circumstances? I can use the unsafe mktemp on a stand alone single-user computer, disconnected from the internet, guaranteed to have nothing but trusted software, and it will be secure in practice. Or I can use the "safe interfaces" and I'm still vulnerable to an Advanced Persistent Threat that has compromised the OS specifically to target my application. If the attacker controls the OS or the hardware, then effectively they've already won. -- Steven
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4