Re: Regarding the optional OpenSSL integration for the portable version


 



On 02/05/14 21:40, William Ahern wrote:
> Linux also has an obscure sysctl which pulls directly from the internal CSPRNG. So
> all of these will work in a jail without /dev or /proc.

That's cool, but as stated on Linux sysctl(2):
NOTES
Glibc does not provide a wrapper for this system call; call it using syscall(2). Or rather... don't call it: use of this system call has long been discouraged, and it is so unloved that it is likely to disappear in a future kernel version. Since Linux 2.6.24, uses of this system call result in warnings in the kernel log. Remove it from your programs now; use the /proc/sys interface instead.

This system call is available only if the kernel was configured with the CONFIG_SYSCTL_SYSCALL option.

And indeed, trying a test program calling CTL_KERN, KERN_RANDOM, RANDOM_UUID (from your code) prints
warning: process `sysctl-rand' used the deprecated sysctl system call with 1.40.6.

and returned with ENOSYS (the kernel was compiled without CONFIG_SYSCTL_SYSCALL).


So I don't think it's a suitable primary means to gather random data under Linux. :-(

I encourage you to raise at lkml the need to have a dev-less random data source, though.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
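
The source ordering this message argues for, as an added example that is not code from the thread or from OpenSSH: read the /proc/sys interface first and use the deprecated sysctl(2) call, name 1.40.6 as in the kernel warning above, only as a last resort, treating its failure (ENOSYS on kernels built without CONFIG_SYSCTL_SYSCALL) as "no source". The function names and the locally declared argument struct are assumptions of this example.

```c
#define _GNU_SOURCE                              /* for syscall() */
#include <ctype.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>
enum src { SRC_NONE, SRC_PROC, SRC_SYSCTL };
/* Parse the text from /proc/sys/kernel/random/uuid (dashes skipped); 0 on success. */
int parse_uuid(const char *s, unsigned char out[16]) {
    int n = 0;                                   /* hex digits consumed */
    for (; *s && *s != '\n'; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == '-') continue;
        if (!isxdigit(c) || n >= 32) return -1;
        int v = isdigit(c) ? c - '0' : tolower(c) - 'a' + 10;
        out[n / 2] = (unsigned char)(n % 2 ? out[n / 2] | v : v << 4);
        n++;
    }
    return n == 32 ? 0 : -1;
}
/* A kernel UUID is version 4: only 122 of its 128 bits are random. */
int is_v4(const unsigned char u[16]) { return (u[6] >> 4) == 4 && (u[8] >> 6) == 2; }
static int via_proc(unsigned char out[16]) {
    char buf[64];
    FILE *f = fopen("/proc/sys/kernel/random/uuid", "r");
    if (!f) return -1;                           /* no /proc in this jail */
    char *ok = fgets(buf, sizeof buf, f);
    fclose(f);
    return ok ? parse_uuid(buf, out) : -1;
}
/* Deprecated sysctl(2) on name 1.40.6; struct mirrors __sysctl_args in <linux/sysctl.h>. */
static int via_sysctl(unsigned char out[16]) {
#ifdef SYS__sysctl
    int name[] = { 1, 40, 6 };                   /* CTL_KERN, KERN_RANDOM, RANDOM_UUID */
    size_t len = 16;
    struct { int *name; int nlen; void *oldval; size_t *oldlenp; void *newval;
             size_t newlen; unsigned long unused[4]; } a = { name, 3, out, &len, NULL, 0, { 0 } };
    return syscall(SYS__sysctl, &a) == 0 && len == 16 ? 0 : -1;
#else
    (void)out; return -1;                        /* syscall number not defined on this arch */
#endif
}
enum src random16(unsigned char out[16]) {
    if (via_proc(out) == 0) return SRC_PROC;
    return via_sysctl(out) == 0 ? SRC_SYSCTL : SRC_NONE;  /* SRC_NONE: caller fails closed */
}
int main(void) {
    unsigned char r[16];
    enum src s = random16(r);                    /* 0 = none, 1 = /proc, 2 = sysctl(2) */
    return printf("source=%d\n", s) < 0 || s == SRC_NONE;
}
```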



