[PATCH] Always read from /dev/urandom

Andrew Bartlett abartlet at samba.org
Tue Oct 13 07:43:47 UTC 2015


On Mon, 2015-10-12 at 20:43 +0200, Volker Lendecke wrote:
> On Tue, Oct 13, 2015 at 07:38:38AM +1300, Andrew Bartlett wrote:
> > The main risk would seem to be the abort() on lack of access to
> > /dev/urandom; it will be interesting to see if that finds places
> > where Samba fell back to poor internal entropy in the past.
> 
> Right. But on the other hand -- why would open(/dev/urandom)
> ever fail?

The reason for the new getentropy syscall is that it can fail, if we
run out of FDs, or are in a chroot.  

Failing hard is the right thing to do; the alternatives (like we had in
the past) are quite unsafe.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
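A defensive implementation of the policy argued above, added here as an example (this is not Samba's code): prefer the descriptor-free getrandom(2) path, fall back to /dev/urandom, and abort rather than degrade to weak internal entropy when neither source works. The function names are assumptions of this example; the S_ISCHR check is an extra guard for the chroot case the thread mentions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/random.h>   /* getrandom(2), the Linux counterpart of getentropy */
#endif

/* Fill buf with len bytes of kernel randomness: 0 on success, -1 (errno set) on failure. */
int try_fill_random(void *buf, size_t len)
{
    unsigned char *p = buf; size_t got = 0;
#ifdef __linux__
    /* Preferred path: no file descriptor involved, so FD exhaustion and a chroot
     * without /dev cannot break it (the failure modes named in the thread). */
    while (got < len) {
        ssize_t n = getrandom(p + got, len - got, 0);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0 && errno == ENOSYS) break;   /* kernel older than 3.17: try /dev/urandom */
        if (n < 0) return -1;
        got += (size_t)n;
    }
    if (got == len) return 0;
#endif
    /* Fallback: open(/dev/urandom) really can fail (EMFILE/ENFILE, ENOENT inside a chroot). */
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    struct stat st;   /* reject a regular file sitting at that path inside a chroot */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) { close(fd); errno = ENODEV; return -1; }
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); if (n == 0) errno = EIO; return -1; }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* The policy the thread argues for: abort() rather than degrade to weak internal entropy. */
void must_fill_random(void *buf, size_t len)
{
    if (try_fill_random(buf, len) == 0) return;
    perror("fatal: cannot obtain kernel randomness");
    abort();
}
```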