Re: [PATCH] seccomp: allow the getrandom system call.

On Wed, 11 Feb 2015, Dmitry V. Levin wrote:

> On Wed, Feb 11, 2015 at 02:46:50PM -0300, Cristian Rodríguez wrote:
> > *SSL libraries or the C library may/will require it.
> 
> In what circumstances do they need it?
> Do they need it with GRND_RANDOM bit set?
> 
> Note that this system call is equivalent to opening (with subsequent
> reading) of /dev/random and /dev/urandom, which is not allowed by this
> seccomp filter.

IMO they shouldn't need it - we take care to prime both the arc4random
and libcrypto pools before sandboxing.

I don't mind adding it though, and don't think it hurts.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
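
An added illustration of the behaviour discussed in this thread, not code from the patch or from OpenSSH: a child process reads randomness before entering a Linux seccomp-bpf allowlist, then asks the kernel for more, which only works if the filter lists getrandom. The function name, the two-entry allowlist and the EACCES default action are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Allow one syscall number; otherwise skip to the next rule. */
#define ALLOW(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Hypothetical helper. Returns 0 if getrandom still works inside the
 * sandbox, the errno it failed with otherwise, or -1 on setup failure. */
int getrandom_after_sandbox(int allow_getrandom)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        unsigned char pool[32], more[32];
        /* Assumed allowlist: exit_group, optionally getrandom, and EACCES
         * for everything else. A production filter must also check
         * seccomp_data.arch first; omitted here for brevity. */
        struct sock_filter f[] = {
            BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
            ALLOW(__NR_exit_group),
            ALLOW(allow_getrandom ? __NR_getrandom : __NR_exit_group),
            BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EACCES),
        };
        struct sock_fprog prog = { sizeof(f) / sizeof(f[0]), f };
        /* Prime a local pool while the kernel interface is still reachable. */
        if (syscall(__NR_getrandom, pool, sizeof(pool), 0) != (long)sizeof(pool)) _exit(255);
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) _exit(255);
        /* Sandboxed: a later request succeeds only if the filter lists it. */
        long n = syscall(__NR_getrandom, more, sizeof(more), 0);
        _exit(n == (long)sizeof(more) ? 0 : errno);
    }
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st) || WEXITSTATUS(st) == 255) return -1;
    return WEXITSTATUS(st);
}

int main(void)
{
    printf("getrandom listed: %d, not listed: %d\n",
           getrandom_after_sandbox(1), getrandom_after_sandbox(0));
    return 0;
}
```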