[PATCH] Update to the Samba crypto requirements document
abartlet at samba.org
Wed Feb 21 02:56:28 UTC 2018
On Thu, 2018-01-04 at 11:24 +0100, Volker Lendecke via samba-technical
> We can do either. /dev/urandom *or* getentropy syscall, determined at
> compile time. No runtime fallback.
> If modern glibc screws us on old kernels, we just can't use
I certainly agree that this needs to be compile-time and if at runtime
it fails with ENOSYS we just abort(). I realise the whole build host
vs runtime host thing, but in this security critical space fallbacks
just end up in disaster.
Thankfully the manpage indicates a failure and not internal fallbacks
(comparing favourably with the libbsd thing I blasted a few days ago)
"ENOSYS This kernel version does not implement the getrandom(2) system
call required to implement this function."
That is what Andreas's patch does, so could we move it forward?
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
More information about the samba-technical