[PATCH] seccomp: allow the getrandom system call.

Dmitry V. Levin ldv at altlinux.org
Fri Feb 13 05:40:58 AEDT 2015


On Thu, Feb 12, 2015 at 09:45:21PM +1100, Damien Miller wrote:
> On Wed, 11 Feb 2015, Dmitry V. Levin wrote:
> > > On Wed, Feb 11, 2015 at 02:46:50PM -0300, Cristian Rodríguez wrote:
> > > *SSL libraries or the C library may/will require it.
> > 
> > In what circumstances do they need it?
> > Do they need it with GRND_RANDOM bit set?
> > 
> > Note that this system call is equivalent to opening (and subsequently
> > reading) /dev/random and /dev/urandom, which is not allowed by this
> > seccomp filter.
> 
> IMO they shouldn't need it - we take care to prime both the arc4random
> and libcrypto pools before sandboxing.

They definitely don't need it now as neither /dev/random nor /dev/urandom
is available in _PATH_PRIVSEP_CHROOT_DIR.

> I don't mind adding it though, and don't think it hurts.

Unlimited access to /dev/random could be used to cause system entropy
starvation, so please don't add it.


-- 
ldv
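The middle ground between the two positions in this thread (admit getrandom, but not the blocking-pool request that Dmitry objects to) can be expressed as a seccomp-bpf argument filter. The following is an added example, not code from this thread or from OpenSSH's sandbox: a classic-BPF program that allows getrandom(2) only while GRND_RANDOM is clear, fails a GRND_RANDOM request with EPERM, and kills the process for anything outside a small allowlist, together with a minimal cBPF evaluator so the policy can be checked on any host without installing it. It assumes x86_64 Linux syscall numbers (read=0, write=1, exit_group=231, getrandom=318), AUDIT_ARCH_X86_64, and a little-endian host; the read/write/exit_group allowlist is illustrative and is not the OpenSSH sandbox's own list.

```c
/* Added example, not code from this thread or from OpenSSH: a seccomp-bpf
 * filter that admits getrandom(2) only while GRND_RANDOM is clear (the
 * /dev/urandom-equivalent path) and fails the blocking-pool request with
 * EPERM, plus a small classic-BPF evaluator so the policy can be checked
 * without installing it.  Assumes x86_64 syscall numbers and a little-endian
 * host; the read/write/exit_group allowlist is illustrative, not OpenSSH's. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct sc_data {   /* same layout as struct seccomp_data */
    int32_t nr; uint32_t arch; uint64_t instruction_pointer; uint64_t args[6];
};
struct cbpf_insn { /* same layout as struct sock_filter */
    uint16_t code; uint8_t jt; uint8_t jf; uint32_t k;
};

/* Classic-BPF opcodes and seccomp return codes, values as in the UAPI headers. */
#define OP_LD_W_ABS      0x20u        /* A = 32-bit word at offset k of the data */
#define OP_JEQ_K         0x15u        /* pc += (A == k) ? jt : jf */
#define OP_JSET_K        0x45u        /* pc += (A & k)  ? jt : jf */
#define OP_RET_K         0x06u        /* return k */
#define RET_KILL_PROCESS 0x80000000u
#define RET_ERRNO        0x00050000u  /* low 16 bits carry the errno */
#define RET_ALLOW        0x7fff0000u
#define ARCH_X86_64      0xc000003eu  /* AUDIT_ARCH_X86_64 */
#define NR_read          0u
#define NR_write         1u
#define NR_exit_group    231u
#define NR_getrandom     318u
#define GRND_RANDOM_FLAG 0x2u         /* GRND_RANDOM */
#define EPERM_VALUE      1u

#define STMT(c, k)       { (uint16_t)(c), 0, 0, (uint32_t)(k) }
#define JUMP(c, k, t, f) { (uint16_t)(c), (uint8_t)(t), (uint8_t)(f), (uint32_t)(k) }

/* A taken jump lands at pc + 1 + jt (or jf); comments give the absolute index. */
static struct cbpf_insn filter[] = {
    /*  0 */ STMT(OP_LD_W_ABS, offsetof(struct sc_data, arch)),
    /*  1 */ JUMP(OP_JEQ_K, ARCH_X86_64, 0, 5),        /* foreign ABI -> 7 (kill) */
    /*  2 */ STMT(OP_LD_W_ABS, offsetof(struct sc_data, nr)),
    /*  3 */ JUMP(OP_JEQ_K, NR_getrandom, 4, 0),       /* -> 8, inspect flags */
    /*  4 */ JUMP(OP_JEQ_K, NR_read, 5, 0),            /* -> 10, allow */
    /*  5 */ JUMP(OP_JEQ_K, NR_write, 4, 0),           /* -> 10 */
    /*  6 */ JUMP(OP_JEQ_K, NR_exit_group, 3, 0),      /* -> 10 */
    /*  7 */ STMT(OP_RET_K, RET_KILL_PROCESS),         /* anything else: kill */
    /*  8 */ STMT(OP_LD_W_ABS, offsetof(struct sc_data, args[2])), /* low half of flags */
    /*  9 */ JUMP(OP_JSET_K, GRND_RANDOM_FLAG, 1, 0),  /* GRND_RANDOM set -> 11 */
    /* 10 */ STMT(OP_RET_K, RET_ALLOW),
    /* 11 */ STMT(OP_RET_K, RET_ERRNO | EPERM_VALUE),  /* blocking pool: EPERM */
};
#define FILTER_LEN (sizeof filter / sizeof filter[0])

/* Evaluate the program against one syscall the way the kernel's cBPF interpreter would. */
uint32_t run_filter(const struct cbpf_insn *prog, size_t len, const struct sc_data *d)
{
    uint8_t mem[sizeof *d];
    uint32_t A = 0;
    size_t pc = 0;

    memcpy(mem, d, sizeof mem);
    while (pc < len) {
        const struct cbpf_insn *i = &prog[pc++];
        switch (i->code) {
        case OP_LD_W_ABS:
            if (i->k % 4 != 0 || i->k + 4 > sizeof mem) return RET_KILL_PROCESS;
            memcpy(&A, mem + i->k, 4);
            break;
        case OP_JEQ_K:  pc += (A == i->k) ? i->jt : i->jf; break;
        case OP_JSET_K: pc += (A & i->k)  ? i->jt : i->jf; break;
        case OP_RET_K:  return i->k;
        default:        return RET_KILL_PROCESS;  /* opcode this evaluator does not model */
        }
    }
    return RET_KILL_PROCESS;  /* fell off the end; the kernel refuses to load such a program */
}

/* Decision for one syscall: arch, number and the third argument (getrandom's flags). */
uint32_t decide(uint32_t arch, int32_t nr, uint64_t arg2)
{
    struct sc_data d = { .nr = nr, .arch = arch, .args = { 0, 0, arg2 } };
    return run_filter(filter, FILTER_LEN, &d);
}

#if defined(__linux__) && defined(__x86_64__)
#include <sys/prctl.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Load the same instruction array for the calling thread; this is irreversible. */
int install_filter(void)
{
    struct sock_fprog prog = { .len = FILTER_LEN, .filter = (struct sock_filter *)filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
#endif

int main(void)
{
    printf("getrandom(flags=0)     -> %#x\n", decide(ARCH_X86_64, NR_getrandom, 0));
    printf("getrandom(GRND_RANDOM) -> %#x\n", decide(ARCH_X86_64, NR_getrandom, GRND_RANDOM_FLAG));
    printf("open (nr 2, unlisted)  -> %#x\n", decide(ARCH_X86_64, 2, 0));
    return 0;
}
```

The evaluator models only the four opcodes this program uses, which is enough to confirm the three outcomes that matter here: flags=0 reaches RET_ALLOW, any flags word with GRND_RANDOM set reaches RET_ERRNO|EPERM, and a syscall outside the allowlist (or a foreign ABI) reaches RET_KILL_PROCESS. install_filter() loads the identical array through prctl(2) on Linux/x86_64; because seccomp filters cannot be removed, the process should be fully initialised, as the thread says OpenSSH does for its random pools, before calling it. The flags comparison reads only the low 32 bits of args[2], which is the usual seccomp idiom and is why the example assumes a little-endian host.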