Fri Jul 3 19:19:00 GMT 2009
According to Christopher Faylor on 7/3/2009 9:17 AM:
> Is there some reason why we're not just using the newlib version of all
> of these functions? I have stared at the code in mktemp.cc and the only
> thing I see that seems to be Cygwin specific is the arc4random function.
> Is the security that this provides the only reason not to use newlib?
> That is probably a good enough reason right there but I was just

Well, before today, cygwin had mkdtemp but newlib didn't. But you are
correct that after today, the only substantial difference is getpid() vs.
arc4random(). For mkstemp, this is not an issue. But guess which one is
more predictable, and thus makes for a less secure mktemp (even though we
already have a compiler warning that mktemp is insecure)?

Maybe it would be worth pushing the arc4random approach to newlib?

Don't work too hard, make some time for fun as well!
Eric Blake firstname.lastname@example.org
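The distinction drawn in the message above, as an added example that is not code from newlib, from Cygwin's mktemp.cc, or from the original post: a simplified model of template filling in which the seed comes either from getpid() or from a CSPRNG, with a mkstemp-style creator that uses O_EXCL and a mktemp-style function that only returns a name. The function names, the 36-character alphabet and the use of /dev/urandom in place of arc4random() are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

static const char ALPHA[] = "abcdefghijklmnopqrstuvwxyz0123456789";

/* Replace the trailing run of 'X' with characters derived from seed (simplified model). */
static void fill_template(char *tmpl, unsigned long long seed)
{
    for (char *p = tmpl + strlen(tmpl); p > tmpl && p[-1] == 'X'; p--) {
        p[-1] = ALPHA[seed % 36];
        seed /= 36;
    }
}

/* Read 8 bytes from the kernel CSPRNG; stands in for arc4random() (assumption). */
static int random_seed(unsigned long long *out)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, out, sizeof *out);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

/* mkstemp-style: O_CREAT|O_EXCL refuses any name that already exists, then retries. */
int create_temp(char *path, size_t len, const char *tmpl, int use_pid)
{
    for (int tries = 0; tries < 100; tries++) {
        unsigned long long seed = (unsigned long long)getpid() + tries;
        if (!use_pid && random_seed(&seed) != 0) return -1;
        snprintf(path, len, "%s", tmpl);
        fill_template(path, seed);
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST) return fd;
    }
    errno = EEXIST;
    return -1;
}

/* mktemp-style: returns only a name; nothing is created, so the caller's later open() races. */
void name_only(char *path, size_t len, const char *tmpl)
{
    snprintf(path, len, "%s", tmpl);
    fill_template(path, (unsigned long long)getpid());
}
```

With a PID seed, name_only() yields the same name on every call within a process, which is why the seed source matters for mktemp; create_temp() stays safe with either seed because the atomic O_EXCL create rejects a name that is already taken.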