| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Apr 2016 21:11:37 -0400 From: Theodore Ts'o <tytso@....edu> To: Nikos Mavrogiannopoulos <nmav@...tls.org> Cc: Stephan Mueller <smueller@...onox.de>, Herbert Xu <herbert@...dor.apana.org.au>, Linux Crypto Mailing List <linux-crypto@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Sandy Harris <sandyinchina@...il.com> Subject: Re: [RFC][PATCH 0/6] /dev/random - a new approach On Mon, Apr 25, 2016 at 10:23:51AM +0200, Nikos Mavrogiannopoulos wrote: > That's far from a solution and I wouldn't recommend to anyone doing > that. We cannot expect each and every program to do glibc's job. The > purpose of a system call like getrandom is to simplify the complex use > of /dev/urandom and eliminate it, not to make code handling randomness > in applications even worse. Yes, but if glibc is falling down on the job and refusing to export the system call (I think for political reasons; it's a Linux-only interface, so Hurd wouldn't have it), then the only solution is to either use syscall directly (it's not hard for getrandom, since we're not using 64-bit arguments which gets tricky for some architectures), or as Peter Avin has suggested, maybe kernel developers will have to start releasing the libinux library, and then teaching application authors to add -linux to their linker lines. - Ted
Powered by blists - more mailing lists