From: Patrick Steinhardt <ps@pks.im>
To: Junio C Hamano <gitster@pobox.com>
Cc: git@vger.kernel.org, "Randall S. Becker" <randall.becker@nexbridge.ca>
Subject: Re: [PATCH 2/2] reftable/stack: accept insecure random bytes
Date: Wed, 8 Jan 2025 07:51:41 +0100
Message-ID: <Z34gfa-_dSbWD19h@pks.im>
In-Reply-To: <xmqqv7uqqqu9.fsf@gitster.g>

On Tue, Jan 07, 2025 at 01:03:26PM -0800, Junio C Hamano wrote:
> Junio C Hamano <gitster@pobox.com> writes:
>
> > Yet a platform replaces it with a function that returns an error or
> > aborts? What kind of nonsense is that? Do we really need to cater
> > to such an insanity?
> >
> > Use of git_rand() here goes backwards against the more recent trend
> > in reftable/ directory to wean the code off of the rest of Git by
> > getting rid of unnecessary dependency, doesn't it?

It certainly does, yes, but unifying those two callsites to do the same
is also something I do in a patch series that gets rid of the last deps
on the Git codebase. This then allows me to move `git_rand()` into
"reftable/system.h" and make it a shim provided by the respective code
base that it's part of. So it's not a step backwards.

> > I think [PATCH 1/2] makes sense regardless, though. But shouldn't
> > we be pushing back this step, with "fix your rand(3)"?
> >
> > Thanks.
>
> Ah, I misread the patch. It has two hunks, and what I said applies
> to the earlier one, but the later one is already contaminated with
> git_rand(), and that is what is failing, i.e. it is not a nonsense
> platform replacing rand() with something that can fail.
>
> It may still make sense to drop the first hunk, and consider how to
> proceed when you further want to reduce the unnecessary dependencies
> for external users of the reftable library, though. Are there
> correctness implications if git_rand() in format_name() yields non
> random results (like, always using "rnd = 0" instead of calling
> git_rand())? I seriously hope not. And if there is no correctness
> implications, perhaps we can replace it with rand() or even constant
> "0"?

No, there aren't any implications on correctness in that case. Sure, the
randomized delays not being randomized can lead to more contention. But
even when the randomized suffix for tables is deterministic we wouldn't
have an issue as the files are still distinguished by their update
indices.

Patrick