Re: [PATCH 1/2] wrapper: add a helper to generate numbers from a CSPRNG
From: Jeff King <hidden>
Date: 2021-11-17 20:02:20
On Tue, Nov 16, 2021 at 07:36:51PM -0800, Carlo Arenas wrote:
> > > for the little amount of random data we need, it might be wiser to
> > > fallback to something POSIX like lrand48 which is most likely to be
> > > available, but of course your tests that consume lots of random data
> > > will need to change.
> >
> > Unfortunately that won't help. You have to seed lrand48 with something,
> > which usually means pid and/or timestamp. Which are predictable to an
> > attacker, which was the start of the whole conversation. You really
> > need _some_ source of entropy, and only the OS can provide that.
>
> again, showing my ignorance here; but that "something" doesn't need to
> be guessable externally; ex: git add could use as seed contents from the
> file that is adding, or even better mix it up with the other sources as
> a poor man's /dev/urandom
Those contents are still predictable. So you've made the attacker's job a
little harder (now they have to block tempfiles for, say, each tag you're
going to verify), but haven't changed the fundamental problem.

It definitely would help in _some_ threat models, but I think we should
strive for a solution that can be explained clearly as "nobody can DoS
your tempfiles" without complicated qualifications.

-Peff