This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH v9] Add getentropy, getrandom, <sys/random.h> [BZ #17252]


On 12/06/2016 07:55 AM, Florian Weimer wrote:
> On 12/02/2016 05:47 PM, Torvald Riegel wrote:
>> On Wed, 2016-11-30 at 17:15 +0100, Florian Weimer wrote:
>>> On 11/30/2016 02:33 PM, Florian Weimer wrote:
>>>> This iteration of the patch implements both getrandom and getentropy at
>>>> the same time.
>>
>> This basically looks good to me (though I'm no expert on the actual
>> syscall etc.).
> 
> Thanks.
> 
> Zack, would you comment as well, please?

The 256-byte limit is unfortunate but I see why we want it.

I think you should remove this assertion:

+      /* The Linux implementation never returns zero if the length
+         argument is not zero, and does not perform a short read for
+         sizes <= 256.  */
+      assert (bytes == length);
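Review bot: `assert (bytes == length)` turns a kernel behaviour ("does not perform a short read for sizes <= 256") into a hard abort of the calling process: if any kernel ever does return fewer bytes for a request of 256 or less, the caller dies inside libc instead of seeing an error. Suggest replacing the assert with a check that returns -1 with errno set (EIO would match the interface's documented failure) when `bytes != length`, or looping until the buffer is full, so the wrapper's behaviour is defined for every kernel response rather than only the one the comment describes.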

it strikes me as Knowing Too Much about the kernel interface.

My only other remaining concern is the name mangling, and unfortunately
we really do have to resolve that before this can be committed, because
we'll be stuck with whatever decision we make here forever.

I still don't really understand what problems you are trying to solve by
mangling names, I still think that ad-hoc addition of mangled names with
forcible redirection in the headers is unlikely to be the *correct* fix
to whatever the problems actually are, and most importantly of all, I
still don't understand why you are convinced *these particular symbols*
need "interposition protection".  You said

> getentropy definitely needs interposition protection because it is
> frequently redefined.  We'll need to rebuild a distribution to see if
> the current approach is sufficient.  For consistency, I also added
> interposition protection for getrandom.

and this makes absolutely no sense at all to me.  Is it not the case
that people are defining getentropy and/or getrandom *because* libc
doesn't?  Won't their build systems notice (via AC_REPLACE_FUNCS or
equivalent) that libc is now defining them, and stop?

A concrete example of a real program or combination of programs, that
will break if we don't do this, would be really helpful to me.  Not a
demo, please, something that already exists in the wild.

zw
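The 256-byte cap and the short-read question both come up in the thread above. As an added example (not code from the patch, from glibc, or from any participant), here is how a caller can cope with both: a wrapper that splits getentropy requests into chunks of at most 256 bytes, and a getrandom loop that retries on short reads and EINTR instead of assuming one call returns everything. It assumes a libc that provides getentropy and getrandom through <sys/random.h> as this patch proposes (glibc 2.25 and later); the 4096-byte scratch buffer in filler_works and the 1000-byte sample sizes are choices made for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>
#include <sys/types.h>

/* getentropy() caps a single request at 256 bytes; a larger request
   fails with EIO (the limit discussed in the thread). */
#define GETENTROPY_MAX_REQUEST 256

/* Fill LEN bytes of BUF from getentropy(), splitting the request into
   chunks of at most 256 bytes so the cap never bites the caller.
   Returns 0 on success, -1 with errno set on failure. */
int fill_entropy_chunked(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        size_t chunk = len > GETENTROPY_MAX_REQUEST ? GETENTROPY_MAX_REQUEST : len;
        if (getentropy(p, chunk) != 0)
            return -1;          /* errno already set by getentropy */
        p += chunk;
        len -= chunk;
    }
    return 0;
}

/* Fill LEN bytes of BUF from getrandom(), treating a short read or EINTR
   as "call again" instead of asserting that one call returned everything.
   Returns 0 on success, -1 with errno set on failure. */
int fill_getrandom_looped(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = getrandom(p, len, 0);
        if (n < 0) {
            if (errno == EINTR)
                continue;       /* interrupted by a signal: retry */
            return -1;
        }
        if (n == 0) {           /* not expected for len > 0; fail rather than spin */
            errno = EIO;
            return -1;
        }
        p += n;
        len -= (size_t) n;
    }
    return 0;
}

/* Returns 1 if at least one byte in BUF is non-zero: a cheap check that
   the buffer was actually written, not a randomness test. */
int buffer_is_nonzero(const unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 1;
    return 0;
}

/* Returns 1 when a direct getentropy() request of 257 bytes is rejected
   with EIO, as the interface documents. */
int oversize_request_is_rejected(void)
{
    unsigned char buf[GETENTROPY_MAX_REQUEST + 1];
    errno = 0;
    return getentropy(buf, sizeof buf) == -1 && errno == EIO;
}

/* Returns 1 when FILLER fills LEN bytes successfully and the result is not
   all zeros.  LEN must be at most 4096 (scratch buffer size chosen here). */
int filler_works(int (*filler)(void *, size_t), size_t len)
{
    unsigned char buf[4096];
    if (len > sizeof buf)
        return 0;
    memset(buf, 0, sizeof buf);
    if (filler(buf, len) != 0)
        return 0;
    return buffer_is_nonzero(buf, len);
}

int main(void)
{
    printf("getentropy rejects >256 bytes: %s\n",
           oversize_request_is_rejected() ? "yes" : "no");
    printf("chunked getentropy fills 1000 bytes: %s\n",
           filler_works(fill_entropy_chunked, 1000) ? "ok" : "FAILED");
    printf("looped getrandom fills 1000 bytes: %s\n",
           filler_works(fill_getrandom_looped, 1000) ? "ok" : "FAILED");
    return 0;
}
```

The two fillers differ on purpose: getentropy is all-or-nothing per call, so the only thing to manage is the request size; getrandom returns a byte count, so the caller, not libc, owns the decision of what to do when that count is short.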

