Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Quoting Russ Allbery (2014-07-16 22:17:23)
> Ben Hutchings <firstname.lastname@example.org> writes:
> > On Wed, 2014-07-16 at 12:47 -0700, Russ Allbery wrote:
> >> It would be nice to have a reliable kernel interface for getting
> >> randomness rather than relying on proper chroot configuration.
> > There is such an interface. It happens to be a char device. Expecting
> > administrators to create /dev/urandom in a chroot is no more unreasonable
> > than expecting them to create /dev/null or /dev/zero.
> I'm not a big fan of that either. :) Also, I think it's relatively rare for
> a library to require those devices exist for secure behavior, although
> perhaps I'm just not knowledgable in this area.
maybe this will help in the future: