[PATCH] seccomp: allow the getrandom system call.
Dmitry V. Levin
ldv at altlinux.org
Fri Feb 13 05:40:58 AEDT 2015

On Thu, Feb 12, 2015 at 09:45:21PM +1100, Damien Miller wrote:
> On Wed, 11 Feb 2015, Dmitry V. Levin wrote:
> > On Wed, Feb 11, 2015 at 02:46:50PM -0300, Cristian Rodríguez wrote:
> > > *SSL libraries or the C library may/will require it.
> >
> > In what circumstances do they need it?
> > Do they need it with GRND_RANDOM bit set?
> >
> > Note that this system call is equivalent to opening (with subsequent
> > reading) of /dev/random and /dev/urandom, which is not allowed by this
> > seccomp filter.
>
> IMO they shouldn't need it - we take care to prime both the arc4random
> and libcrypto pools before sandboxing.

They definitely don't need it now as neither /dev/random nor /dev/urandom
is available in _PATH_PRIVSEP_CHROOT_DIR.

> I don't mind adding it though, and don't think it hurts.

Unlimited access to /dev/random could be used to cause system entropy
starvation, so please don't add it.
--
ldv
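
The thread turns on whether getrandom is needed with GRND_RANDOM set, given the /dev/random entropy concern. As an added example (not code from this thread or from the OpenSSH source), a seccomp-bpf rule can admit getrandom only when that flag is clear. `DEMO_ARCH`, `FIELD`, `demo_filter` and `probe_getrandom` are hypothetical names, and this demo filter allows every other system call so the child can run, where a real sandbox filter would deny by default.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/random.h>
#include <linux/seccomp.h>
#if defined(__x86_64__)
#define DEMO_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define DEMO_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this target"
#endif
#define FIELD(f) ((unsigned int)offsetof(struct seccomp_data, f))

/* getrandom() gets EPERM when flags (arg 2, low word on LE) has GRND_RANDOM. */
static struct sock_filter demo_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),     /* foreign ABI */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_getrandom, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, FIELD(args[2])),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, GRND_RANDOM, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),    /* demo only: allow the rest */
};

/* Run getrandom(flags) in a filtered child: 0 = ok, errno = failed, -1 = setup error. */
int probe_getrandom(unsigned int flags)
{
    struct sock_fprog prog = { sizeof(demo_filter) / sizeof(demo_filter[0]), demo_filter };
    unsigned char buf[1];
    int status;
    pid_t pid = fork();
    if (pid == 0) {                                  /* child: sandbox, then probe */
        if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) ||
            prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog))
            _exit(255);
        _exit(syscall(__NR_getrandom, buf, sizeof(buf), flags) == 1 ? 0 : errno);
    }
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 255 ? -1 : WEXITSTATUS(status);
}
```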