You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@harmony.apache.org by "Tim Ellison (JIRA)" <ji...@apache.org> on 2007/08/24 12:43:31 UTC
[jira] Resolved: (HARMONY-4663)
[classlib][luni]File.createTempFile() is insecure
[ https://issues.apache.org/jira/browse/HARMONY-4663?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Tim Ellison resolved HARMONY-4663.
----------------------------------
Resolution: Fixed
Thanks Imran.
Fixed in LUNI module at repo revision r569338.
Please check it was fixed as you expected.
> [classlib][luni]File.createTempFile() is insecure
> -------------------------------------------------
>
> Key: HARMONY-4663
> URL: https://issues.apache.org/jira/browse/HARMONY-4663
> Project: Harmony
> Issue Type: Bug
> Components: Classlib
> Reporter: Imran Ghory
> Assignee: Tim Ellison
>
> createTempFile() generates a random file name by calling genTempFile(prefix, newSuffix, tmpDirFile), however that function generates it's randomness by calling new java.util.Random().nextInt(); which creates a Random() object seeded with the current time. This makes it predictable and thus insecure[1].
> [1] See section "7.10.1.2. Temporary Files" at http://www.faqs.org/docs/Linux-HOWTO/Secure-Programs-HOWTO.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.