improved thread safety?

Andrew Bartlett abartlet at
Sun Jan 20 22:08:58 GMT 2008

On Sat, 2008-01-19 at 14:46 -0500, David Collier-Brown wrote:
> > Jelmer Vernooij wrote:
> >>>     random
> >>>     srandom
> >>
> >>
> >> I'm not sure what to do about these. Are there any better alternatives?
>      	Sun says "Newer and better performing random number generators such as
>      	addrans() and lcrans() are available" but they're older, solaris-only
> 	ones. Mac has arc4random(3), and so on...
> 	I suspect you may need to research portable random number routines,
> 	as used on multiple platforms by folks like Open SSH

The use of random() in Samba4 is numerous, but unimportant.  It is used
extensively in the smbtorture suite (where setting the random seed with
srandom(), to obtain a reproducable run, is useful).  

It is not used in any location where cryptographicly secure random data
is desirable. 

We have a arcfour based PRNG we seed with /dev/urandom at startup, and I
only found 1 place where we actually wanted really, really secret
(rather than just non-repeating) random numbers in Samba's core code
(heimdal has it's own routines). 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list