[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

Hi!

On Wed, 2014-07-16 at 19:54:38 +0100, Steven Chamberlain wrote:
> The other major concern was about scary entropy-gathering code,
> implemented in LibreSSL Portable for Linux as a last resort for when
> /dev/urandom can't be read.  I agree that it's too risky, or:  too
> difficult to prove safe and robust in any conceivable situation.
> Debian's major OpenSSL bug was able to happen undetected for a while out
> of similar circumstances.
> 
> A compile-time ifdef already allows to disable this fallback code and
> raise SIGKILL instead, crashing the calling process.  As part of the
> LibreSSL port to GNU/kFreeBSD and Hurd I would actually have asked that
> we do this anyway in Debian, at least for those platforms.

kFreeBSD does have a supported sysctl for this: CTL_KERN KERN_ARND.
(As does NetBSD which has two, KERN_URND and KERN_ARND.)

Thanks,
Guillem
Reply to: