Thread: 34 messages, 7 authors, 2021-11-22

Re: [PATCH 1/2] wrapper: add a helper to generate numbers from a CSPRNG

From: Jeff King <hidden>
Date: 2021-11-17 03:04:29

On Tue, Nov 16, 2021 at 05:50:44PM -0800, Carlo Arenas wrote:
> for the little amount of random data we need, it might be wiser to
> fallback to something POSIX like lrand48 which is most likely to be
> available, but of course your tests that consume lots of random data
> will need to change.
Unfortunately that won't help. You have to seed lrand48 with something,
which usually means pid and/or timestamp. Which are predictable to an
attacker, which was the start of the whole conversation. You really need
_some_ source of entropy, and only the OS can provide that.
> PS. Probably missing context as I don't know what was discussed
> previously, but indeed making this the libc problem by using mkstemp
> (plus some compatibility on top), like Peff mentioned seems like a
> more straightforward "fix"
It might be nice if it works. I don't recall all of the reasons that led
us to implement our own mkstemp in the first place. So the first step
would probably be digging in the history and the archive to find that
out, and whether it still applies.

-Peff
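The reply above argues that a libc PRNG such as lrand48() is only as unpredictable as its seed, and that only the OS can supply real entropy. The C program below is an added example, not code from git or from anyone on this thread: it seeds lrand48() the way a libc-only fallback typically would (timestamp XORed with the pid), then recovers that seed by brute force from two observed outputs, standing in for a local attacker who can guess both; it also shows the OS-backed alternative, reading from /dev/urandom. Every function name, the fixed timestamp and pid, and the search ranges are constructed for the illustration.

```c
/* Added example (not git's code): why seeding lrand48() with pid/time is
 * not a substitute for OS-provided entropy, and what the OS-backed
 * alternative looks like. victim_seed, two_outputs, recover_seed,
 * os_random_bytes and demo_recovered_seed are invented names. */
#define _DEFAULT_SOURCE
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <time.h>
#include <unistd.h>

/* The kind of seed a libc-only approach ends up with: a timestamp mixed
 * with the process id. Both are guessable by a local attacker. */
static long victim_seed(time_t now, pid_t pid)
{
    return (long)now ^ (long)pid;
}

/* Two consecutive lrand48() outputs after seeding. Comparing 62 bits makes
 * a false match in the brute-force search below negligible. */
static void two_outputs(long seed, long out[2])
{
    srand48(seed);
    out[0] = lrand48();
    out[1] = lrand48();
}

/* Attacker's view: given two observed outputs (say, two random temp-file
 * suffixes), search the plausible timestamp window and pid range.
 * Returns the recovered seed, or -1 if no candidate matches. */
static long recover_seed(const long observed[2],
                         time_t t_lo, time_t t_hi,
                         pid_t pid_lo, pid_t pid_hi)
{
    for (time_t t = t_lo; t <= t_hi; t++) {
        for (pid_t p = pid_lo; p <= pid_hi; p++) {
            long cand = victim_seed(t, p), out[2];
            two_outputs(cand, out);
            if (out[0] == observed[0] && out[1] == observed[1])
                return cand;
        }
    }
    return -1;
}

/* The OS-backed alternative: read from the kernel CSPRNG. /dev/urandom is
 * used here for portability; on Linux getrandom(2) avoids the fd entirely.
 * Returns 0 on success, -1 on failure; a caller must treat failure as an
 * error rather than falling back to a predictable source. */
static int os_random_bytes(void *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}

/* Constructed scenario: a process started at a fixed time with pid 4242;
 * the attacker knows the start time to within a minute and the pid range. */
static long demo_recovered_seed(void)
{
    time_t started = 1637118269;  /* constructed value */
    pid_t pid = 4242;             /* constructed value */
    long observed[2];
    two_outputs(victim_seed(started, pid), observed);
    return recover_seed(observed, started - 30, started + 30, 4000, 5000);
}

int main(void)
{
    printf("recovered seed %ld (actual %ld)\n",
           demo_recovered_seed(), victim_seed(1637118269, 4242));

    unsigned char rnd[16];
    if (os_random_bytes(rnd, sizeof rnd) != 0) {
        fprintf(stderr, "no OS entropy available\n");
        return 1;
    }
    printf("os entropy:");
    for (size_t i = 0; i < sizeof rnd; i++)
        printf(" %02x", rnd[i]);
    printf("\n");
    return 0;
}
```

The search covers only 61 timestamps by 1001 pids, roughly sixty thousand srand48() calls, which finishes instantly; widening the window to a day and the pid range to the full 32768 default is still well within reach of a patient attacker, which is the point of the reply above.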