In reply to LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]
Linux is correct in that it uses a device file. This is the Unix way. To control access to resources everything should be a device file.
You can control who dumps entropy with group write access. However, it looks like anyone can in Debian:
crw-rw-rw- 1 root root 1, 9 Jun 15 12:17 /dev/urandom
The ioctl(2) is just a side band of those files.
Need to bind mount more for the chroot or use containers.