On Mon, May 14, 2018 at 01:55:55PM -0300, Lisandro Damián Nicanor Pérez Meyer wrote:
> Quoting from the above:
>
> The rationale of this system call is to provide resiliance against
> file descriptor exhaustion attacks, where the attacker consumes all
> available file descriptors, forcing the use of the fallback code where
> /dev/[u]random is not available. Since the fallback code is often not
> well-tested, it is better to eliminate this potential failure mode
> entirely.
>
> So if we disable it we disable a feature providing a more robust method to
> provide randomness to ours users.
Reading this sounds like the presence of the syscall could be tested at
runtime, and if present used and if not fall back to dev/urandom?
--
regards,
Mattia Rizzolo
GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
more about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Attachment:
signature.asc
Description: PGP signature