Regarding the optional OpenSSL integration for the portable version
Ángel González
keisial at gmail.com
Mon May 5 06:56:03 EST 2014
On 02/05/14 21:40, William Ahern wrote:
> Linux
> also has an obscure sysctl which pulls directly from the internal CSPRNG. So
> all of these will work in a jail without /dev or /proc.
That's cool, but as stated in Linux sysctl(2):
> NOTES
> Glibc does not provide a wrapper for this system call; call it
> using syscall(2). Or rather... don't call it: use of
> this system call has long been discouraged, and it is so
> unloved that it is likely to disappear in a future kernel
> version. Since Linux 2.6.24, uses of this system call
> result in warnings in the kernel log. Remove it from your
> programs now; use the /proc/sys interface instead.
>
> This system call is available only if the kernel was configured
> with the CONFIG_SYSCTL_SYSCALL option.
And indeed, trying a test program calling CTL_KERN, KERN_RANDOM,
RANDOM_UUID (from your code) prints
> warning: process `sysctl-rand' used the deprecated sysctl system call
> with 1.40.6.
and returns with ENOSYS (the kernel was compiled without
CONFIG_SYSCTL_SYSCALL).
So I don't think it's a suitable primary means to gather random data
under Linux. :-(
I encourage you to raise at lkml the need to have a dev-less random data
source, though.
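The behaviour described in the message above, as an added example that is not part of the original post or of OpenSSH: the program tries the legacy sysctl(2) path for kernel.random.uuid, expects it to fail with ENOSYS on kernels built without CONFIG_SYSCTL_SYSCALL (and on Linux 5.5 and later, where the syscall was removed altogether), and falls back to the /proc/sys interface the man page points to. The constant values, the argument-block layout and the /proc path are taken from the kernel's linux/sysctl.h and proc(5) as assumptions written out here; the helper names are invented for this example.

```c
/* Added example (not from the original message or from OpenSSH):
 * deprecated sysctl(2) first, then the /proc/sys fallback. */
#define _GNU_SOURCE
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>   /* provides __NR__sysctl where the ABI has it */
#endif

/* Values from <linux/sysctl.h>, repeated here so this builds without it. */
#ifndef CTL_KERN
#define CTL_KERN 1
#endif
#ifndef KERN_RANDOM
#define KERN_RANDOM 40
#endif
#ifndef RANDOM_UUID
#define RANDOM_UUID 6
#endif

/* Argument block the legacy _sysctl syscall expects (layout assumed from
 * the kernel header). */
struct legacy_sysctl_args {
    int *name; int nlen; void *oldval; size_t *oldlenp; void *newval; size_t newlen;
};

enum rand_source { SRC_NONE = 0, SRC_SYSCTL = 1, SRC_PROC = 2 };

/* Strict 8-4-4-4-12 hex UUID text form check. */
int is_valid_uuid(const char *s)
{
    if (strlen(s) != 36) return 0;
    for (int i = 0; i < 36; i++) {
        if (i == 8 || i == 13 || i == 18 || i == 23) {
            if (s[i] != '-') return 0;
        } else if (!isxdigit((unsigned char)s[i])) return 0;
    }
    return 1;
}

/* kernel.random.uuid via the legacy syscall. Returns 0 on success, -1 with
 * errno set otherwise (ENOSYS when the kernel lacks CONFIG_SYSCTL_SYSCALL
 * or has no sysctl syscall at all). */
static int uuid_via_sysctl(char *buf, size_t len)
{
#ifdef __NR__sysctl
    int name[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
    size_t oldlen = len - 1;
    struct legacy_sysctl_args args = { name, 3, buf, &oldlen, NULL, 0 };
    if (syscall(__NR__sysctl, &args) != 0) return -1;
    if (oldlen == 0 || oldlen >= len) { errno = EIO; return -1; }
    buf[oldlen] = '\0';
    char *nl = strchr(buf, '\n');
    if (nl) *nl = '\0';
    return 0;
#else
    (void)buf; (void)len;
    errno = ENOSYS;            /* ABI without the syscall: behave as the kernel would */
    return -1;
#endif
}

/* Fallback the man page recommends: read /proc/sys/kernel/random/uuid. */
static int uuid_via_proc(char *buf, size_t len)
{
    int fd = open("/proc/sys/kernel/random/uuid", O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len - 1);
    int saved = errno;
    close(fd);
    if (n <= 0) { errno = (n == 0) ? EIO : saved; return -1; }
    buf[n] = '\0';
    char *nl = strchr(buf, '\n');
    if (nl) *nl = '\0';
    return 0;
}

/* Try each source in turn; report which one answered (SRC_NONE in a jail
 * with neither the syscall nor /proc, as the thread is concerned about). */
enum rand_source gather_random_uuid(char *buf, size_t len)
{
    if (len < 37) { errno = EINVAL; return SRC_NONE; }
    if (uuid_via_sysctl(buf, len) == 0 && is_valid_uuid(buf)) return SRC_SYSCTL;
    if (uuid_via_proc(buf, len) == 0 && is_valid_uuid(buf)) return SRC_PROC;
    return SRC_NONE;
}

/* Consistency check: whichever source answered must yield a well-formed UUID. */
int demo_check(void)
{
    char buf[64];
    enum rand_source src = gather_random_uuid(buf, sizeof buf);
    return src == SRC_NONE ? 1 : is_valid_uuid(buf);
}

int main(void)
{
    char buf[64];
    enum rand_source src = gather_random_uuid(buf, sizeof buf);
    if (src == SRC_SYSCTL) printf("sysctl(2): %s\n", buf);
    else if (src == SRC_PROC) printf("/proc/sys: %s\n", buf);
    else printf("no dev-less random source available: %s\n", strerror(errno));
    return src == SRC_NONE;
}
```

On a current distribution kernel the sysctl attempt fails with ENOSYS and the /proc path answers; in a chroot or jail with neither /proc nor /dev mounted the program reports SRC_NONE, which is exactly the gap the message asks LKML to close.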
More information about the openssh-unix-dev mailing list