This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Add getrandom implementation [BZ #17252]
- From: Joseph Myers <joseph at codesourcery dot com>
- To: Paul Eggert <eggert at cs dot ucla dot edu>
- Cc: Florian Weimer <fweimer at redhat dot com>, <libc-alpha at sourceware dot org>
- Date: Fri, 10 Jun 2016 22:06:14 +0000
- Subject: Re: [PATCH] Add getrandom implementation [BZ #17252]
- Authentication-results: sourceware.org; auth=none
- References: <20160610210303 dot 6CE3E40141175 at oldenburg dot str dot redhat dot com> <alpine dot DEB dot 2 dot 20 dot 1606102115300 dot 20503 at digraph dot polyomino dot org dot uk> <be07cb5e-313f-4f52-61e1-6522fe4e4732 at cs dot ucla dot edu>
On Fri, 10 Jun 2016, Paul Eggert wrote:
> How about if we use a simpler implementation instead, one that opens, reads,
> and closes /dev/whatever each time getrandom is called? That would be a bit
> slower but would avoid this problem and probably other problems.
That would certainly be my preference. (You still need O_CLOEXEC on the
open, as for all cases where file descriptors are used internally in
glibc, to avoid leaking file descriptors to concurrent fork and exec from
other threads.)
It's in the nature of this code - returning cryptographically-secure
random numbers - to be used in security-critical places. And for such
code, there are advantages to being simple enough to be obviously safe and
not to need lots of complicated defensive code.
--
Joseph S. Myers
joseph@codesourcery.com
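The open/read/close shape discussed above, as an added example written for this page; it is not glibc's implementation and not code from the thread. It assumes /dev/urandom as the device (the message only says "/dev/whatever"), opens it with O_CLOEXEC as Joseph asks, and handles the two things a straight read of a device can get wrong: EINTR and short reads. The two pipe-based self-checks feed constructed input so the read loop can be exercised without the device.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed device; the thread only says "/dev/whatever". */
#define RANDOM_DEVICE "/dev/urandom"

/* Open with O_CLOEXEC so a fork+exec racing in another thread cannot inherit
   the descriptor; retry if open itself is interrupted by a signal. */
static int open_noinherit(const char *path)
{
    int fd;
    do
        fd = open(path, O_RDONLY | O_CLOEXEC);
    while (fd < 0 && errno == EINTR);
    return fd;
}

/* Read exactly LEN bytes from FD, retrying on EINTR and on short reads.
   Returns 0 on success, -1 with errno set; a premature end of file is
   reported as EIO instead of handing back a partly filled buffer. */
static int read_fully(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, p + done, len - done);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        if (n == 0) {
            errno = EIO;
            return -1;
        }
        done += (size_t) n;
    }
    return 0;
}

/* getrandom-style call with no cached descriptor or state: open, read and
   close on every call. Returns LEN on success, -1 with errno set on failure. */
ssize_t simple_getrandom_from(const char *path, void *buf, size_t len)
{
    int fd = open_noinherit(path);
    if (fd < 0)
        return -1;
    int rc = read_fully(fd, buf, len);
    int saved_errno = errno;   /* close() must not clobber the real cause */
    close(fd);
    errno = saved_errno;
    return rc < 0 ? -1 : (ssize_t) len;
}

ssize_t simple_getrandom(void *buf, size_t len)
{
    return simple_getrandom_from(RANDOM_DEVICE, buf, len);
}

/* 1 if the descriptor we open carries FD_CLOEXEC, 0 if not, -1 on error. */
int selfcheck_cloexec(void)
{
    int fd = open_noinherit(RANDOM_DEVICE);
    if (fd < 0)
        return -1;
    int flags = fcntl(fd, F_GETFD);
    close(fd);
    return flags < 0 ? -1 : ((flags & FD_CLOEXEC) ? 1 : 0);
}

/* Constructed input: a pipe fed in two chunks, then closed. read_fully must
   assemble all eight bytes however the kernel chunks them. Returns 1 if so. */
int selfcheck_short_reads(void)
{
    static const unsigned char want[8] = {1, 2, 3, 4, 5, 6, 7, 8};
    unsigned char got[8] = {0};
    int p[2];
    if (pipe(p) < 0)
        return -1;
    int ok = write(p[1], want, 3) == 3 && write(p[1], want + 3, 5) == 5;
    close(p[1]);
    int rc = ok ? read_fully(p[0], got, sizeof got) : -1;
    close(p[0]);
    return rc == 0 && memcmp(got, want, sizeof want) == 0;
}

/* Constructed input: a pipe that closes after three bytes. The reader must
   fail with EIO rather than return a half-filled buffer. Returns 1 if so. */
int selfcheck_truncated(void)
{
    unsigned char got[8];
    int p[2];
    if (pipe(p) < 0)
        return -1;
    int ok = write(p[1], "abc", 3) == 3;
    close(p[1]);
    int rc = ok ? read_fully(p[0], got, sizeof got) : 0;
    int err = errno;
    close(p[0]);
    return rc == -1 && err == EIO;
}
```

The point of the loop in read_fully is that a device read is allowed to return fewer bytes than asked for, and a caller that treats a short read as success has silently used uninitialised bytes as key material; returning an error on end of file keeps the contract of "either all LEN bytes are random or the call failed". The saved errno around close() is there because close() may itself fail and overwrite the reason the read failed.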