On 02/05/14 21:40, William Ahern wrote:
> Linux also has an obscure sysctl which pulls directly from the internal
> CSPRNG. So all of these will work in a jail without /dev or /proc.
That's cool, but as stated in Linux sysctl(2):
    NOTES
        Glibc does not provide a wrapper for this system call; call it
        using syscall(2).  Or rather... don't call it: use of this
        system call has long been discouraged, and it is so unloved
        that it is likely to disappear in a future kernel version.
        Since Linux 2.6.24, uses of this system call result in warnings
        in the kernel log.  Remove it from your programs now; use the
        /proc/sys interface instead.

        This system call is available only if the kernel was configured
        with the CONFIG_SYSCTL_SYSCALL option.
And indeed, trying a test program calling CTL_KERN, KERN_RANDOM,
RANDOM_UUID (from your code) prints

    warning: process `sysctl-rand' used the deprecated sysctl system call with 1.40.6.

and returns ENOSYS (the kernel was compiled without
CONFIG_SYSCTL_SYSCALL).
So I don't think it's a suitable primary means to gather random data
under Linux. :-(
I encourage you to raise at lkml the need to have a dev-less random data
source, though.
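As an added illustration (my own code, not the test program from this thread nor anything from OpenSSH): a small C program that reproduces the experiment described above, asking the deprecated binary sysctl(2) for kernel.random.uuid (name path 1.40.6, exactly the numbers in the kernel warning quoted above), and that, when the kernel answers ENOSYS because it was built without CONFIG_SYSCTL_SYSCALL, falls back first to the /proc/sys interface the man page recommends and then to /dev/urandom. The constants and the argument layout are copied from <linux/sysctl.h> so the file builds without that header; the assumption that the binary interface hands back the 16-byte form of the UUID rather than the text /proc/sys shows is mine, taken from the kernel's sysctl_binary.c.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Binary-sysctl names and argument layout, copied from <linux/sysctl.h>
 * (the four trailing reserved words are part of the ABI: the kernel copies
 * the whole struct in).  1.40.6 is the path the kernel warning printed. */
enum { CTL_KERN = 1, KERN_RANDOM = 40, RANDOM_UUID = 6 };
struct sysctl_args_compat {
    int *name; int nlen;
    void *oldval; size_t *oldlenp;
    void *newval; size_t newlen;
    unsigned long reserved[4];
};

#define UUID_LEN 36 /* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */

/* Render 16 raw bytes in the usual 8-4-4-4-12 hex layout. */
static void format_uuid(const unsigned char b[16], char out[UUID_LEN + 1])
{
    snprintf(out, UUID_LEN + 1,
             "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
             b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7],
             b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]);
}

/* 1. The deprecated sysctl(2) path tested in the message.  Returns 0 on
 * success, -1 with errno set otherwise: ENOSYS when the kernel lacks
 * CONFIG_SYSCTL_SYSCALL, and also when this libc defines no syscall number.
 * Assumption (from kernel/sysctl_binary.c): the binary interface returns the
 * UUID as 16 raw bytes, not as the text string /proc/sys shows. */
static int uuid_via_sysctl(char out[UUID_LEN + 1])
{
#ifdef SYS__sysctl
    int name[3] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
    unsigned char raw[16];
    size_t len = sizeof raw;
    struct sysctl_args_compat a;
    memset(&a, 0, sizeof a);
    a.name = name; a.nlen = 3; a.oldval = raw; a.oldlenp = &len;
    if (syscall(SYS__sysctl, &a) == -1)
        return -1;
    if (len != sizeof raw) { errno = EIO; return -1; }
    format_uuid(raw, out);
    return 0;
#else
    (void)out; errno = ENOSYS; return -1;
#endif
}

/* 2. The /proc/sys interface that the man page points to instead. */
static int uuid_via_procfs(char out[UUID_LEN + 1])
{
    int fd = open("/proc/sys/kernel/random/uuid", O_RDONLY);
    if (fd == -1)
        return -1;
    ssize_t n = read(fd, out, UUID_LEN);
    int saved = errno;
    close(fd);
    if (n != UUID_LEN) { errno = (n < 0) ? saved : EIO; return -1; }
    out[UUID_LEN] = '\0';
    return 0;
}

/* 3. Last resort: 16 bytes from /dev/urandom (absent in the jail William
 * described, which is the whole reason a dev-less source is wanted). */
static int uuid_via_urandom(char out[UUID_LEN + 1])
{
    unsigned char b[16];
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd == -1)
        return -1;
    while (got < sizeof b) {              /* short reads are legal here */
        ssize_t n = read(fd, b + got, sizeof b - got);
        if (n <= 0) { int e = (n < 0) ? errno : EIO; close(fd); errno = e; return -1; }
        got += (size_t)n;
    }
    close(fd);
    format_uuid(b, out);
    return 0;
}

/* Try the sources in order.  Returns 0 (sysctl), 1 (/proc/sys) or
 * 2 (/dev/urandom) for the one that worked, or -1 with errno set. */
int get_random_uuid(char out[UUID_LEN + 1])
{
    if (uuid_via_sysctl(out) == 0)  return 0;
    if (uuid_via_procfs(out) == 0)  return 1;
    if (uuid_via_urandom(out) == 0) return 2;
    return -1;
}

int main(void)
{
    char uuid[UUID_LEN + 1];
    int src = get_random_uuid(uuid);
    if (src < 0) { perror("no random source available"); return 1; }
    printf("%s (from %s)\n", uuid,
           src == 0 ? "sysctl(2)" : src == 1 ? "/proc/sys" : "/dev/urandom");
    return 0;
}
```

On any kernel newer than the one in this thread the first step fails with ENOSYS straight away, so the program reports /proc/sys; running it inside a chroot with neither /proc nor /dev mounted makes it return -1, which is the gap the last paragraph asks lkml to close.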
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev