22 lines
795 B
Diff
22 lines
795 B
Diff
<chris2> so, current flow for getentropy is
|
|
<chris2> 1) use SYS_getrandom if it exists (true on glibc and musl)
|
|
<chris2> 2) use /dev/urandom
|
|
<chris2> 3) use sysctl (glibc only)
|
|
<chris2> 4) use terrible fallback
|
|
<chris2> and with a one-line patch it can instead kill itself after 3
|
|
<chris2> so that should only affect processes running without /dev/urandom on old kernels
|
|
<chris2> probably no harm else
|
|
<xtraeme> +1
|
|
|
|
--- crypto/compat/getentropy_linux.c.orig
|
|
+++ crypto/compat/getentropy_linux.c
|
|
@@ -162,7 +162,7 @@
|
|
* sysctl ABI, or consider providing a new failsafe API which
|
|
* works in a chroot or when file descriptors are exhausted.
|
|
*/
|
|
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
|
+#define FAIL_INSTEAD_OF_TRYING_FALLBACK
|
|
#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
|
|
raise(SIGKILL);
|
|
#endif
|