Last Comment Bug 356886 - On Unix, RNG_SystemInfoForRNG calls RNG_FileForRNG on the directories /tmp, /var/tmp, and /usr/tmp
: On Unix, RNG_SystemInfoForRNG calls RNG_FileForRNG on the directories /tmp, /...
Status: NEW
:
Product: NSS
Classification: Components
Component: Libraries (show other bugs)
: 3.11.3
: All All
-- normal (vote)
: ---
Assigned To: nobody
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-16 16:40 PDT by Wan-Teh Chang
Modified: 2017-02-02 03:45 PST (History)
4 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---


Attachments
A test program that demonstrates the problem, and sample output (3.27 KB, text/plain)
2006-10-16 17:31 PDT, Wan-Teh Chang
no flags Details

Description User image Wan-Teh Chang 2006-10-16 16:40:45 PDT
On Unix (lib/freebl/unix_rand.c), RNG_SystemInfoForRNG calls
RNG_FileForRNG on the directories /tmp, /var/tmp, and /usr/tmp.

RNG_FileForRNG first calls fopen on the directory, and then
calls fread on the FILE * pointer.  It seems that the goal is
to do a directory listing (to get a list of the files in a
directory).

What actually happens is that fopen succeeds but fread fails.
So the RNG_FileForRNG calls on the directories don't seem to
do what they are intended for.
Comment 1 User image Wan-Teh Chang 2006-10-16 17:31:38 PDT
Created attachment 242454 [details]
A test program that demonstrates the problem, and sample output
Comment 2 User image Nelson Bolyard (seldom reads bugmail) 2006-10-16 17:53:20 PDT
Once upon a time, the (binary) contents of a directory could be read,
just as any other file's contents could be read, by opening them and
reading them.  Besides file names, they also contains inode numbers
(IIRC), which were rather unpredictable (especially in /tmp) and 
therefore were thought to be a pretty good source of entropy.  
This code clearly reflects that era, days gone by now, apparently,
except on HP where the results still look interesting, but may not
have much entropy.

Note You need to log in before you can comment on or make changes to this bug.