On Tue, May 3, 2016 at 4:48 PM, <tytso@xxxxxxx> wrote: > On Tue, May 03, 2016 at 03:57:15PM +0200, Nikos Mavrogiannopoulos wrote: >> I believe their main concern is that they want to protect applications >> which do not check error codes of system calls, when running on a >> kernel which does not provide getrandom(). That way, they have an >> almost impossible task to simulate getrandom() on kernel which do not >> support it. > > The whole *point* of creating the getrandom(2) system call is that it > can't be simulated/emulated in userspace. If it can be, then there's > no reason why the system call should exist. This is one of the > reasons why haven't implemented mysql or TLS inside the kernel. :-) > So if their standard is "we need to simulate getrandom(2) on a kernel > which does not have it", we'll **never** see glibc support for it. By > definition, this is *impossible*. I know, and I share this opinion. To their defense they will have to provide a call which doesn't make applications fail in the following scenario: 1. crypto/ssl libraries are compiled to use getrandom() because it is available in libc and and in kernel 2. everything works fine 3. the administrator downgrades the kernel to a version without getrandom() because his network card works better with that version 4. Mayhem as applications fail However I don't see a way to avoid issues - though limited to corner cases - with any imperfect emulation. It would be much clear for glibc to just require a kernel with getrandom(). regards, Nikos -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html