From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Bruno Haible Newsgroups: gmane.emacs.bugs Subject: bug#57129: 29.0.50; Improve behavior of conditionals in Eshell Date: Tue, 23 Aug 2022 02:13:02 +0200 Message-ID: <3893771.2iPT33SAM4__42799.7225242265$1661213660$gmane$org@nimes> References: <2758072.AiC22s8V5E@nimes> <2dc7ede0-eca7-baf5-f89a-f5d292b80808@cs.ucla.edu> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="16306"; mail-complaints-to="usenet@ciao.gmane.io" Cc: jporterbugs@gmail.com, Eli Zaretskii , bug-gnulib@gnu.org, larsi@gnus.org, 57129@debbugs.gnu.org To: Paul Eggert Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Aug 23 02:14:13 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1oQHYb-00046o-99 for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 23 Aug 2022 02:14:13 +0200 Original-Received: from localhost ([::1]:47982 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1oQHYa-00051r-8Z for geb-bug-gnu-emacs@m.gmane-mx.org; Mon, 22 Aug 2022 20:14:12 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:46448) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1oQHYR-0004zM-Ki for bug-gnu-emacs@gnu.org; Mon, 22 Aug 2022 20:14:03 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:52307) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1oQHYQ-0005PF-HY for bug-gnu-emacs@gnu.org; Mon, 22 Aug 2022 20:14:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1oQHYQ-0002zu-E2 for bug-gnu-emacs@gnu.org; Mon, 22 Aug 2022 20:14:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Bruno Haible Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 23 Aug 2022 00:14:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 57129 X-GNU-PR-Package: emacs Original-Received: via spool by 57129-submit@debbugs.gnu.org id=B57129.166121359011441 (code B ref 57129); Tue, 23 Aug 2022 00:14:02 +0000 Original-Received: (at 57129) by debbugs.gnu.org; 23 Aug 2022 00:13:10 +0000 Original-Received: from localhost ([127.0.0.1]:42050 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oQHXa-0002yT-Ba for submit@debbugs.gnu.org; Mon, 22 Aug 2022 20:13:10 -0400 Original-Received: from mo4-p00-ob.smtp.rzone.de ([85.215.255.22]:43941) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1oQHXW-0002yE-NA for 57129@debbugs.gnu.org; Mon, 22 Aug 2022 20:13:08 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1661213583; s=strato-dkim-0002; d=clisp.org; h=References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Cc:Date: From:Subject:Sender; bh=dKs411Dwhve61VqE0MtHU+Go7Q/X6Cyt22hTGS9o+sU=; b=BqgN1fFwKyoXxnh9cxN4dejhbgiR7ogmDSWYrGLANZwa9BLa+dq1S4Ffv1I8hAxcwC IEhRcf9ReHdQSbRMwZCrEDZ2nlTZbH1ubA42D1TaCebaZE7dzj62Az94gkUsFjQuvNZA h2W8AOTCoPAyl2KnDMw4WwH5VtkbGnRWS6c0TR1MaajL4sOf3BtDND3ao3SPaDNJD248 P/BA20Ll5W4IO+VtfiM8+Z9ym/g20YvH7f81Yvsl8SEtdpjnkz6Z45wghCdMUWp206YK LFM8ksMv6wQB5E1CvE09nrh01vRaOxlKX/PNktcEhSiBGjlsQ1DISYey1xFRnTdfd5/y r6/g== Authentication-Results: strato.com; dkim=none X-RZG-AUTH: ":Ln4Re0+Ic/6oZXR1YgKryK8brlshOcZlIWs+iCP5vnk6shH0WWb0LN8XZoH94zG6tLj91pCQ374KkH1mlxyMKJn+OEiU11lkyA==" X-RZG-CLASS-ID: mo00 Original-Received: from nimes.localnet by smtp.strato.de (RZmta 47.47.0 AUTH) with ESMTPSA id g97246y7N0D2WAi (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)) (Client did not present a certificate); Tue, 23 Aug 2022 02:13:02 +0200 (CEST) In-Reply-To: <2dc7ede0-eca7-baf5-f89a-f5d292b80808@cs.ucla.edu> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:240482 Archived-At: Paul Eggert wrote: > Thanks for the detailed diagnosis, Bruno. To try to fix the problems I=20 > installed the attached patches into Gnulib. These look all good. Here's again my evaluation of the three scenarios: (Q1) What is the expected quality inside a single gen_tempname call? It depends on quality of random_bits(). Usually on the quality of getrandom(), which is good on most systems. And for the other systems, the "ersatz" in random_bits() gives reasonable quality. (Q2) What is the expected quality of multiple gen_tempname calls in a single process? (Q3) What is the expected quality when considering different processes that call gen_tempname? Both have the same answer: The file name essentially depends on the first call to random_bits(). Two different calls to random_bits() can be correlated only if - getrandom() is not well supported, and - CLOCK_REALTIME is not defined, and - we're in the same process, less than 0.01 sec apart. IMO, that's good enough. > If I understand things=20 > correctly, these patches should fix the 0.1% failure rate you observed=20 > on 64-bit mingw. Yes. Running the "case 2" part 1000 times again, among the 2000 generated file names, there are no duplicates =E2=80=94 neither on 32-bit mingw, nor = on 64-bit mingw. > They also fix a minor security leak I discovered: in=20 > rare cases, ASLR entropy was used to generate publicly visible file=20 > names, which is a no-no as that might help an attacker infer the=20 > randomized layout of a victim process. Excellent observation :-) > These fixes follow some but not all the suggestions you made. The basic=20 > problem I saw was that tempname.c was using too much belt-and-suspenders= =20 > code, so much so that the combination of belts and suspenders=20 > misbehaved. I simplified it a bit and this removed the need for some of=20 > the suggestions. Thanks. The major quality boost comes from invoking getrandom() always. Bruno