Removal of support for systems without /dev/urandom.
Ira Cooper
ira at samba.org
Fri Feb 21 20:46:54 MST 2014
I'd like a 2nd reviewer, and a general signoff "Yes, we are ok ditching
support for those old systems."
Thanks,
-Ira
On Fri, Feb 21, 2014 at 2:46 PM, Andreas Schneider <asn at samba.org> wrote:
> On Saturday 15 February 2014 10:07:22 Ira Cooper wrote:
> > This is a patch to clean up 2 Coverity issues that really pointed at a
> > larger issue in our code base.
> >
> > The code used for seeding the random number generator, without
> > /dev/urandom, is not currently insecure, but it is time to deal with it
> > before it becomes so.
> >
> > I've put a check into waf to break configure if it can not find
> > /dev/urandom. If you defeat that, you will run into a #error compiling
> > without /dev/urandom. If you get past all that... you get what you
> deserve
> > ;).
> >
> > I hope that is sufficient to warn people about the change.
>
> Reviewed-by: Andreas Schneider <asn at samba.org>
>
> I think someone else should look at it too. I think this is critical code
> so
> more eyes are better.
>
>
> -- andreas
>
>
> --
> Andreas Schneider GPG-ID: CC014E3D
> Samba Team asn at samba.org
> www.samba.org
>
>
More information about the samba-technical
mailing list