Date: Fri, 07 Apr 2017 13:50:40 -0400
From: fche@...hat.com (Frank Ch. Eigler)
To: oss-security@...ts.openwall.com
Subject: Re: libxslt math.random issue

Florian Weimer wrote:

> FWIW, why is glibc not doing srand(RANDOMVECTOR) during startup... :/
>
> The C standard does not allow it.
>
> ”
> If rand is called before any calls to srand have been made, the same
> sequence shall be generated as when srand is first called with a seed
> value of 1.
> ”

Yes, but that does not imply that srand(1) needs to resolve to a
build-constant value.  https://gitlab.com/fche/randomer salts it with
a snippet from /dev/urandom, and stays POSIX-compatible & restartable.

- FChE
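
The salting idea from the reply above, as an added sketch that is not code from randomer or from the original post: the seed is XORed with a per-process salt read once from /dev/urandom, so re-seeding replays the same sequence inside one process while srand(1) differs between processes. The names salted_srand, salted_rand and the two check functions are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

static unsigned int salt;   /* per-process salt, read once */
static int salt_ready;
static int seeded;

/* Read the salt from /dev/urandom on first use (assumed entropy source). */
static unsigned int process_salt(void)
{
    if (!salt_ready) {
        FILE *f = fopen("/dev/urandom", "rb");
        if (f == NULL || fread(&salt, sizeof salt, 1, f) != 1)
            salt = 0;       /* no entropy: degrade to plain srand() behaviour */
        if (f != NULL)
            fclose(f);
        salt_ready = 1;
    }
    return salt;
}

/* Same seed gives the same sequence in this process, not across processes. */
void salted_srand(unsigned int seed) { srand(seed ^ process_salt()); seeded = 1; }

int salted_rand(void)
{
    if (!seeded)
        salted_srand(1);    /* C rule: rand() before srand() acts like srand(1) */
    return rand();
}

/* Returns 1 if re-seeding with `seed` replays the first n (max 64) values. */
int replays_after_reseed(unsigned int seed, int n)
{
    int first[64], i;
    if (n > 64) n = 64;
    salted_srand(seed);
    for (i = 0; i < n; i++) first[i] = salted_rand();
    salted_srand(seed);
    for (i = 0; i < n; i++)
        if (salted_rand() != first[i]) return 0;
    return 1;
}

/* Returns 1 if unseeded use matches an explicit salted_srand(1). */
int unseeded_matches_seed_one(void)
{
    int a, b;
    seeded = 0;             /* simulate a process that never called srand */
    a = salted_rand();
    salted_srand(1);
    b = salted_rand();
    return a == b;
}
```

Salting only removes the build-constant sequence; rand() remains a non-cryptographic generator and is not a substitute for a CSPRNG where unpredictability is a security requirement.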