Re: Having a single, good arc4random in Debian

[Russ Allbery <rra@debian.org>]

Steven Chamberlain <steven@pyro.eu.org> writes:

> I think it would be good for Debian to standardise on a single, good
> arc4random implementation, available to any application that wants to
> use it.

> I'd like it to become ubiquitous, on all Debian arches (and eventually
> other distributions).  We should ensure applications do find it and use
> it, instead of using risky fallbacks like rand(), getpid() and time().
> (Scan build logs for "checking.*arc4random" for example).

> We could deprecate dozens of code copies, most of them unmaintained,
> some having known security flaws that were fixed in later versions.

I'm all in favor of this, but when working on this, please take the
concerns of upstream into account.  libbsd is readily available on Debian,
but I don't know if that's the case on the other systems that upstream is
trying to support, so they're going to be understandably worried about
portability.  Ideally, we wouldn't have to carry a ton of Debian-specific
patches to do this, though.

If someone could put together a kit for upstream with Autoconf probes and
all the machinery for selectively using this implementation if libbsd is
available, I think that would go a long way towards helping us actually
achieve this.

Even better, of course, would be to get glibc to take the interface, since
then all one needs is the Autoconf probes.  But I'm not sure how practical
that really is.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>