Summary
The `$RANDOM` variable in bashkit uses a deterministic pseudo-random number generator. If the seed is predictable (e.g., based on process start time), an attacker who knows when the interpreter was started can predict future `$RANDOM` values. This is security-relevant when `$RANDOM` is used for:
- Temporary file names (`mktemp` with a `$RANDOM` suffix)
- Nonce generation
- Simple authentication tokens
- Random delays for security purposes
Threat category: NEW — TM-RNG (Random Number Generation)
Severity: Low
Component: `crates/bashkit/src/interpreter/mod.rs` or `state.rs`, `$RANDOM` implementation
Root Cause
Real bash uses a linear congruential generator seeded with the PID and time. Bashkit may use a similar approach or a fixed seed. In a sandboxed VFS environment where the PID is fixed (synthetic), the seed may be even more predictable.
Steps to Reproduce
```bash
# Check if RANDOM produces predictable sequences
echo $RANDOM $RANDOM $RANDOM
# Run again in a new instance
echo $RANDOM $RANDOM $RANDOM
# If sequences are identical, the seed is deterministic
```
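The check above, automated as a small Rust model of the problem. This is an added example, not bashkit's code: it pairs an illustrative LCG (constants chosen for the example, not bashkit's actual generator) with two seeding strategies, one derived only from a fixed synthetic PID and the start second, the other drawn from the host's `/dev/urandom` (an assumed Unix dependency; a `getrandom` crate would be the portable choice). `same_sequence` is the reproducibility test a reviewer would want in the acceptance criteria: two instances started under identical sandbox conditions must not emit the same `$RANDOM` stream.

```rust
// Added example, not bashkit's implementation. The LCG constants and the
// /dev/urandom entropy source are assumptions made for illustration.
use std::fs::File;
use std::io::Read;

/// Minimal linear congruential generator exposing values in the
/// 0..=32767 range that `$RANDOM` presents to scripts.
pub struct Lcg {
    state: u64,
}

impl Lcg {
    pub fn new(seed: u64) -> Self {
        Lcg { state: seed }
    }

    /// Advance the state and return the next `$RANDOM`-style value.
    pub fn next_random(&mut self) -> u16 {
        self.state = self
            .state
            .wrapping_mul(6364136223846793005)
            .wrapping_add(1442695040888963407);
        ((self.state >> 33) & 0x7fff) as u16
    }

    /// Collect the next `n` values, as a script calling `$RANDOM` n times would.
    pub fn take(&mut self, n: usize) -> Vec<u16> {
        (0..n).map(|_| self.next_random()).collect()
    }
}

/// Weak seeding: built only from values an observer can know or guess
/// (a fixed synthetic sandbox PID and the start time to the second).
pub fn seed_from_pid_and_time(pid: u32, start_secs: u64) -> u64 {
    (u64::from(pid) << 32) ^ start_secs
}

/// Stronger seeding: 8 bytes from the OS CSPRNG. Assumes a Unix host
/// exposing /dev/urandom.
pub fn seed_from_os_entropy() -> std::io::Result<u64> {
    let mut buf = [0u8; 8];
    File::open("/dev/urandom")?.read_exact(&mut buf)?;
    Ok(u64::from_le_bytes(buf))
}

/// The "Steps to Reproduce" check: do two interpreter instances started
/// from these two seeds emit the same first `n` values of `$RANDOM`?
pub fn same_sequence(seed_a: u64, seed_b: u64, n: usize) -> bool {
    Lcg::new(seed_a).take(n) == Lcg::new(seed_b).take(n)
}

fn main() {
    // Constructed sandbox conditions: fixed synthetic PID, same start second.
    let weak_a = seed_from_pid_and_time(4242, 1_700_000_000);
    let weak_b = seed_from_pid_and_time(4242, 1_700_000_000);
    println!("PID/time seeds collide: {}", same_sequence(weak_a, weak_b, 5));

    let strong_a = seed_from_os_entropy().expect("read /dev/urandom");
    let strong_b = seed_from_os_entropy().expect("read /dev/urandom");
    println!("entropy seeds collide: {}", same_sequence(strong_a, strong_b, 5));
}
```

Running it prints `true` for the PID/time seeding and `false` for the entropy seeding; the first line is exactly the outcome the reproduction steps describe, and the second is what an acceptance test for this issue should require.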
Impact
- Temporary file prediction: If scripts use `$RANDOM` in temp file paths, an attacker can predict the path and pre-create the file
- Token prediction: Simple token generation using `$RANDOM` is breakable
- Race condition exploitation: Predictable random delays enable timing attacks
Acceptance Criteria