From: Jamie C. <jca...@we...> - 2001-01-29 04:32:35
"Ryan W. Maple" wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You're right. Actually there is a better way to seed the PRNG with a less
> expensive hit on the processor. Replace:
>
> srand (time ^ $$ ^ unpack "%L*", `ps axww | gzip`);
>
> with:
>
> srand (time ^ $$ ^ `head -1 /dev/urandom`);
>
> Just about every platform on which Webmin will run has either /dev/urandom
> or /dev/random, so you may want to make it /dev/random. Being as the temp
> files are as secure as possible the name is not as important as it would
> be if it were simply being put in /tmp with world-read/write/execute
> rights.
>
> However, using /dev/random can be VERY costly if the system does not have
> any entropy, as it will hang and wait for stuff to happen (disk seeks,
> keyboard input, etc). So urandom is much better than random in this case.
>
> In any case, like I said, the name is not that important. Most people
> don't know how to do enough analysis on a PRNG and break it. :) What you
> suggest should work very well.
>
> Just some time estimates:
>
> Using ps:
> 0.04user 0.06system 0:00.09elapsed 107%CPU (0avgtext+0avgdata 0maxresident)k
> 0.05user 0.04system 0:00.09elapsed 96%CPU (0avgtext+0avgdata 0maxresident)k
> 0.03user 0.06system 0:00.09elapsed 96%CPU (0avgtext+0avgdata 0maxresident)k
>
> Using urandom:
> 0.01user 0.02system 0:00.02elapsed 120%CPU (0avgtext+0avgdata 0maxresident)k
> 0.01user 0.01system 0:00.02elapsed 80%CPU (0avgtext+0avgdata 0maxresident)k
> 0.02user 0.01system 0:00.02elapsed 115%CPU (0avgtext+0avgdata 0maxresident)k
>
> Using random (note the time in #2, I had to bang on the keyboard):
> 0.01user 0.01system 0:00.01elapsed 111%CPU (0avgtext+0avgdata 0maxresident)k
> 0.02user 0.12system 0:04.74elapsed 2%CPU (0avgtext+0avgdata 0maxresident)k
> 0.01user 0.01system 0:00.01elapsed 117%CPU (0avgtext+0avgdata 0maxresident)k
>
> Wow, these emails keep on getting long. Sorry for my rambling. I haven't
> been reading Applied Cryptography lately, really... :)
>
> Cheers,
> Ryan

How about this for an improved tempname() function - it uses /dev/urandom
where available, though only reads 4 bytes for seeding srand() as any more
would be larger than the function can handle anyway.

    # tempname([filename])
    # Returns a mostly random temporary file name
    sub tempname
    {
    while(1) {
    	# Loop until /tmp/.webmin is a real directory owned by root:root
    	# with mode 0755 (a symlink or anything else fails the lstat test)
    	local @st = lstat("/tmp/.webmin");
    	last if (!$st[4] && !$st[5] && $st[2] & 0x4000 &&
    		 ($st[2] & 0777) == 0755);
    	if (@st) {
    		# Something else is in the way - remove it and re-create
    		unlink("/tmp/.webmin") || system("rm -rf /tmp/.webmin");
    		}
    	mkdir("/tmp/.webmin", 0755) || next;
    	chown(0, 0, "/tmp/.webmin");
    	chmod(0755, "/tmp/.webmin");
    	}
    if (defined($_[0]) && $_[0] !~ /\.\./) {
    	# Caller-supplied name, refused if it contains ..
    	return "/tmp/.webmin/$_[0]";
    	}
    else {
    	$main::tempfilecount++;
    	if (!$main::done_tempname_srand++) {
    		# Seed the random number generator, once per process
    		if (open(RANDOM, "/dev/urandom")) {
    			local $buf;
    			read(RANDOM, $buf, 4);
    			close(RANDOM);
    			# unpack turns the 4 raw bytes into a 32-bit integer.
    			# XORing the raw string directly would numify it to 0
    			# and silently discard the urandom bytes.
    			srand(time() ^ $$ ^ unpack("L", $buf));
    			}
    		else {
    			srand(time() ^ $$);
    			}
    		}
    	# $scriptname is the Webmin global holding the current CGI's name
    	return "/tmp/.webmin/".int(rand(1000000))."_".
    	       $main::tempfilecount."_".$scriptname;
    	}
    }

- Jamie
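As an added illustration of the seeding point in this thread (example code, not from the thread or from Webmin): reading four bytes from /dev/urandom and turning them into an integer seed for srand(), shown next to what Perl makes of the same raw bytes when they are used in a numeric XOR as a plain string. The function name urandom_seed is an assumption of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Build a 32-bit seed from /dev/urandom mixed with time and pid, falling
# back to time ^ pid when urandom cannot be opened (same shape as tempname()).
# Hypothetical helper written for this example.
sub urandom_seed {
    my $seed = time() ^ $$;
    if (open(my $fh, '<', '/dev/urandom')) {
        binmode($fh);
        my $buf;
        if (read($fh, $buf, 4) == 4) {
            # unpack('L') gives the native unsigned 32-bit value of the 4 bytes;
            # a raw string in a numeric XOR is numified instead, which for
            # random bytes is almost always 0, so the entropy would be lost.
            $seed ^= unpack('L', $buf);
        }
        close($fh);
    }
    return $seed;
}

# Demonstrate the difference on one 4-byte read.
open(my $fh, '<', '/dev/urandom') or die "cannot open /dev/urandom: $!";
binmode($fh);
read($fh, my $raw, 4) == 4 or die "short read from /dev/urandom";
close($fh);
{
    no warnings 'numeric';    # silence the "isn't numeric" warning on purpose
    printf "raw bytes used as a number: %u\n", 0 + $raw;
}
printf "raw bytes via unpack('L'):    %u\n", unpack('L', $raw);

srand(urandom_seed());
printf "sample temp-name suffix:      %d\n", int(rand(1000000));
```

Run it a few times: the unpack() value changes on every run while the numified string stays at 0 unless the first byte happens to be an ASCII digit.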