Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Ben Hutchings <firstname.lastname@example.org> writes:
> On Wed, 2014-07-16 at 12:47 -0700, Russ Allbery wrote:
>> It would be nice to have a reliable kernel interface for getting
>> randomness rather than relying on proper chroot configuration.
> There is such an interface. It happens to be a char device. Expecting
> administrators to create /dev/urandom in a chroot is no more
> unreasonable than expecting them to create /dev/null or /dev/zero.
I'm not a big fan of that either. :) Also, I think it's relatively rare
for a library to require those devices exist for secure behavior, although
perhaps I'm just not knowledgeable in this area.
>> I'm not sure sysctl should be that mechanism, but I'm quite sympathetic
>> to the LibreSSL developers here. Relying on a device being present in
>> a chroot seems rather dubious.
> Less so than blundering on without entropy.
Oh, certainly. I'm in favor of aborting in libssl if /dev/urandom isn't
available. But it bothers me that one could get to that point. It seems
like an easy mistake for someone to make, and it seems somehow unclean to
require access to a char device for randomness.
I'm sure I'll get over it, but I do agree with the feeling that a lot more
can go wrong when trying to open a character device than with some of the
other approaches suggested.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>
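As an added illustration of the point the thread is debating (this is not code from the thread, from Debian, or from LibreSSL): a C routine that first asks the kernel directly via the getrandom(2) syscall, which Linux gained in 3.17 and which needs no device node in the chroot, then falls back to /dev/urandom only after confirming it really is a character device, and otherwise reports failure so the caller can abort rather than blunder on without entropy. The function names, the fallback order and the S_ISCHR check are my own choices for the example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Fallback: read n bytes from /dev/urandom. Returns 0 on success, -1 on
 * any failure, including the node being absent (the chroot case from the
 * thread) or being something other than a character device. */
static int read_dev_urandom(unsigned char *buf, size_t n)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;                      /* no node in this chroot */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);                      /* e.g. a regular file named urandom */
        return -1;
    }
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0) {                   /* read error or short device */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

/* Fill buf with n bytes of kernel randomness without trusting /dev layout.
 * 1. getrandom(2) via syscall(): needs no device node at all.
 * 2. Otherwise /dev/urandom, validated as above.
 * 3. Otherwise -1: the caller is expected to abort, not carry on. */
int secure_random_bytes(unsigned char *buf, size_t n)
{
#if defined(__linux__) && defined(SYS_getrandom)
    size_t got = 0;
    while (got < n) {
        long r = syscall(SYS_getrandom, buf + got, n - got, 0);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            if (errno == ENOSYS)
                break;                  /* pre-3.17 kernel: fall back */
            return -1;
        }
        got += (size_t)r;
    }
    if (got == n)
        return 0;
#endif
    return read_dev_urandom(buf, n);
}

int main(void)
{
    unsigned char key[32];
    if (secure_random_bytes(key, sizeof key) != 0) {
        fputs("no trustworthy randomness source; refusing to continue\n", stderr);
        abort();                        /* fail closed, as argued in the thread */
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

The order matters: the syscall path is tried first precisely because it does not depend on how the chroot's /dev was populated, and the device path is accepted only when fstat() confirms a character device, so a stray regular file at that path cannot silently supply "randomness". A stricter check could additionally compare st_rdev against the platform's known urandom device number.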