Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Jan 2013 01:28:09 +0100
From: Szabolcs Nagy <nsz@...t70.net>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] Add support for mkostemp, mkstemps and mkostemps

* Rich Felker <dalias@...ifal.cx> [2013-01-30 14:22:33 -0500]:
> On Wed, Jan 30, 2013 at 08:12:58PM +0100, Szabolcs Nagy wrote:
> > void __randname(char *p)
> > {
> > 	struct timespec ts;
> > 	unsigned long r;
> > 	int i;
> > 
> > 	clock_gettime(CLOCK_REALTIME, &ts);
> > 	r = ts.tv_nsec*65537 ^ (uintptr_t)&ts / 16 + (uintptr_t)p;
> > 	for (i=0; i<6; i++, r>>=5)
> > 		p[i] = 'A'+(r&15)+(r&16)*2;
> > }
> > 
> > this uses 30bits of r and mixes the random low bits of nsec
> > into the high bits
> 
> Keep in mind it might be bits 8-15 that are most valuable with ASLR
> (assuming the randomization only adjusts by small amounts and not so
> much to waste lots of address space). I think this needs a little bit
> more consideration.

hm then use *69069 (a favourite lcg multiplier of the
above mentioned george marsaglia according to knuth,
[taocp vol2 p108] so it probably mixes the low bits
of nsec well)

> > > Other implementations probably use 36 bits or slightly less (base64
> > > perhaps modified base64).
> > > 
> > > I could see it being feasible to increase this slightly and maybe even
> > 
> > <= 36bits is probably ok
> 
> You mean >=36? Or..?

i wanted to say that using <=64 chars in the filename is reasonable
(i thought there were only 62 robust chars: lower,upper,digits
so going above 36 does not make sense and we have 32bit input anyway)

but maybe #%+-._~ are ok as well (these are the ascii chars that
are not escaped by bash for whatever reason), except #+-.~ should
not be first char

in urls only -._ are the always safe extra chars

in regex #%-_~ are safe from the above set

but if we go above 62chars then more than 32bit input is needed


another proposal:

uint64_t r=1;
uint64_t a[]={stackptr, inputptr, sec, ns, pid, retrycount}; // entropy sources
for (i = 0; i < 6; i++) {
	r += a[i];
	r *= 6364136223846793005ull;
	r ^= r>>24;
}
for (i = 0; i < 6; i++, r /= 63)
	p[i] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_"[r%63];

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.