Date: Fri, 07 Apr 2017 13:50:40 -0400
From: fche@...hat.com (Frank Ch. Eigler)
To: oss-security@...ts.openwall.com
Subject: Re: libxslt math.random issue


Florian Weimer wrote:

> FWIW, why is glibc not doing srand(RANDOMVECTOR) during startup... :/
>
> The C standard does not allow it.
>
> “
> If rand is called before any calls to srand have been made, the same
> sequence shall be generated as when srand is first called with a seed
> value of 1.
> ”

Yes, but that does not imply that srand(1) needs to resolve to a
build-constant value.  https://gitlab.com/fche/randomer salts it with a
snippet from /dev/urandom, and stays POSIX-compatible & restartable.

- FChE
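
An added sketch of the idea in the message above; it is not part of the original e-mail and not randomer's code. It mixes a per-process salt from /dev/urandom into every seed, so the srand(1) sequence differs between runs yet replays identically inside one process. The names salted_srand and salted_rand and the splitmix64 mixer are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

static uint64_t salt;    /* per-process salt, read once and then fixed */
static int salt_loaded;
static uint64_t state;   /* generator state */
static int seeded;

/* Read the salt on first use. If /dev/urandom is unavailable the salt
 * stays 0 and every run produces the same sequence for a given seed. */
static void load_salt(void) {
    if (salt_loaded) return;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&salt, sizeof salt, 1, f) != 1)
        salt = 0;
    if (f != NULL) fclose(f);
    salt_loaded = 1;
}

/* Same seed -> same sequence within this process (restartable),
 * because the salt never changes after load_salt(). */
void salted_srand(unsigned seed) {
    load_salt();
    state = salt ^ (uint64_t)seed;
    seeded = 1;
}

/* Before any salted_srand() call this behaves as if salted_srand(1)
 * had been called, which is the property the C standard text requires. */
int salted_rand(void) {
    if (!seeded) salted_srand(1);
    /* splitmix64 step: a statistical mixer, not a CSPRNG */
    state += 0x9E3779B97F4A7C15ULL;
    uint64_t z = state;
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    z ^= z >> 31;
    return (int)(z >> 33);   /* 31 bits, always non-negative */
}

int main(void) {
    int a = salted_rand(), b = salted_rand();  /* implicit seed 1 */
    salted_srand(1);                           /* explicit restart */
    printf("implicit: %d %d\n", a, b);
    printf("restart : %d %d\n", salted_rand(), salted_rand());
    return 0;
}
```

Running the program twice prints different numbers per run, while the two lines within a run match.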
