Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
> On Sun, Jun 11, 2023 at 12:01:04AM -0600, Theo de Raadt wrote:
> > I assume you are on an architecture where the linker is LLVM ld,
> > otherwise known as ld-lld in OpenBSD (some older architectures
> > still use ld-bfd).
> >
> > In llvm/lib/Support/Path.cpp, there is code that acts just like you
> > describe:
> >
> > void createUniquePath(const Twine &Model, SmallVectorImpl<char> &ResultPath,
> >                       bool MakeAbsolute) {
> > ...
> >   // Replace '%' with random chars.
> >   for (unsigned i = 0, e = ModelStorage.size(); i != e; ++i) {
> >     if (ModelStorage[i] == '%')
> >       ResultPath[i] = "0123456789abcdef"[sys::Process::GetRandomNumber() & 15];
> >   }
> >
> >
> > It appears in the LLVM universe if you try to create a file with % in the
> > name, it has a different interpretation of what that % means, different than
> > what you want it to mean.
> >
> > https://docs.hdoc.io/hdoc/llvm-project/f1FB0DB2307A8013C.html
> >
> > Other than that, I can find no documentation.
>
> What a stupid interface, let's rebuild mktemp(2) and not learn from
> history. It is not like this is new unless you think 30 years is new...
>
> Humanity is surely doomed

But it is worse. It is putting automatic TOCTOU into an unexpected place.
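
Added example, not part of the original thread and not LLVM or OpenBSD code: a sketch of the race-free alternative to generating a name first and creating the file later, where the '%' substitution and the create happen in one loop and `O_CREAT|O_EXCL` refuses any name that already exists. The names `fill_model` and `create_unique`, the `/tmp/demo-` model and the 128-try limit are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: copy model to out, replacing each '%' with a random
 * hex digit as the quoted loop does. Returns 0 on success, -1 on error. */
static int fill_model(const char *model, char *out, size_t outlen)
{
    unsigned char r[256];
    size_t i, n = strlen(model);
    int rnd = open("/dev/urandom", O_RDONLY);
    ssize_t got = rnd < 0 ? -1 : read(rnd, r, sizeof r);
    if (rnd >= 0)
        close(rnd);
    if (got != (ssize_t)sizeof r || n >= outlen || n > sizeof r)
        return -1;
    for (i = 0; i < n; i++)
        out[i] = model[i] == '%' ? "0123456789abcdef"[r[i] & 15] : model[i];
    out[n] = '\0';
    return 0;
}

/* Hypothetical create_unique(): O_CREAT|O_EXCL fails with EEXIST if anything,
 * even a dangling symlink, is already at the name, so it is never opened. */
int create_unique(const char *model, char *path, size_t pathlen)
{
    for (int tries = 0; tries < 128; tries++) {
        if (fill_model(model, path, pathlen) != 0)
            return -1;
        int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
        if (fd >= 0 || errno != EEXIST)
            return fd;          /* success, or a real error to report */
    }
    errno = EEXIST;             /* every candidate name was taken */
    return -1;
}

int main(void)
{
    char path[256];
    int fd = create_unique("/tmp/demo-%%%%%%%%.tmp", path, sizeof path);
    if (fd < 0)
        return EXIT_FAILURE;
    printf("created %s\n", path);
    close(fd);
    return unlink(path) == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The caller gets back a descriptor for a file it created itself; a name that was only generated, with the open left to later code, carries no such guarantee.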