[Python-Dev] RNG in the core

"Martin v. Löwis" martin at v.loewis.de
Wed Jan 4 09:02:14 CET 2012


> Well what if /dev/urandom is unavailable because the program is run e.g. in a chroot?

If the system ought to have /dev/urandom (as e.g. determined during configure), I propose that Python fails fast, unless the command line option is given that disables random hash seeds.

For the security fixes, we therefore might want to toggle the meaning of the command line switch, i.e. only use random seeds if explicitly requested.

> (or is /dev/urandom still available in a chroot?)

You can make it available if you want to: just create a /dev directory, and do mknod in it. It's common to run /dev/MAKEDEV (or similar), or to mount devfs into a chroot environment; else many programs run in the chroot are likely going to fail (e.g. if /dev/tty is missing).

See, for example,

http://tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html

bind apparently requires /dev/null and /dev/random.

Regards, Martin
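
The fail-fast behaviour proposed in the message above, sketched as an added example (not part of the original post and not CPython's code). It also checks that the node created in the chroot really is the urandom character device and not a regular file or a different device. The function name, the `randomize` parameter standing in for the command line switch, and the Linux device numbers (major 1, minor 9) are assumptions of this sketch.

```python
import os
import stat
import sys

LINUX_URANDOM = (1, 9)  # (major, minor) of /dev/urandom on Linux


class EntropyUnavailable(RuntimeError):
    """Raised instead of silently falling back to a predictable seed."""


def read_hash_seed(path="/dev/urandom", nbytes=8, randomize=True):
    """Return nbytes of seed material from path, or fail fast.

    randomize=False stands in for the command line switch that disables
    random hash seeds (hypothetical parameter, not CPython's interface).
    """
    if not randomize:
        return bytes(nbytes)  # fixed all-zero seed, chosen explicitly
    try:
        fd = os.open(path, os.O_RDONLY)
    except OSError as exc:
        raise EntropyUnavailable(f"cannot open {path}: {exc.strerror}") from exc
    try:
        # fstat the descriptor we read from, so the check and the read
        # refer to the same object.
        st = os.fstat(fd)
        if not stat.S_ISCHR(st.st_mode):
            raise EntropyUnavailable(f"{path} is not a character device")
        if sys.platform.startswith("linux"):
            dev = (os.major(st.st_rdev), os.minor(st.st_rdev))
            if dev != LINUX_URANDOM:
                raise EntropyUnavailable(f"{path} is device {dev}, not {LINUX_URANDOM}")
        buf = b""
        while len(buf) < nbytes:
            chunk = os.read(fd, nbytes - len(buf))
            if not chunk:
                raise EntropyUnavailable(f"short read from {path}")
            buf += chunk
        return buf
    finally:
        os.close(fd)


if __name__ == "__main__":
    try:
        print(read_hash_seed().hex())
    except EntropyUnavailable as err:
        sys.exit(f"fatal: {err}")
```

Run inside the chroot, this exits with an error if the /dev/urandom node is missing or was created with the wrong type or device numbers.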


