[issue27292] Warn users that os.urandom() can return insecure values

Martin Panter report at bugs.python.org
Thu Jun 16 09:08:56 EDT 2016


Martin Panter added the comment:

Rebased so Rietveld can work with it; the earlier version was my fault.

As far as I can see (looking at Python/random.c and configure.ac), the Solaris version should also use GRND_NONBLOCK:

#ifdef MS_WINDOWS
#elif defined(HAVE_GETENTROPY) && !defined(sun)
#else

#if defined(HAVE_GETRANDOM) || defined(HAVE_GETRANDOM_SYSCALL)
    const int flags = GRND_NONBLOCK;
#ifdef HAVE_GETRANDOM
            n = getrandom(dest, n, flags);
#else
            n = syscall(SYS_getrandom, dest, n, flags);
#endif

Apart from using a C function call versus syscall(), I don’t see there is much difference between the Solaris and Linux cases. Correct me if I’m wrong though.

----------
Added file: http://bugs.python.org/file43411/urandom-doc.patch

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27292>
_______________________________________
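
An added example, not part of the original message or of CPython's source: a Linux-only caller of getrandom() with GRND_NONBLOCK that reports EAGAIN (kernel pool not yet initialized) to its caller instead of silently switching to another source. The function name and result codes are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef GRND_NONBLOCK
#define GRND_NONBLOCK 0x0001   /* value from <linux/random.h> */
#endif

/* Hypothetical result codes for this example. */
enum rng_status { RNG_OK = 0, RNG_NOT_SEEDED, RNG_UNAVAILABLE, RNG_ERROR };

/* Fill dest with len bytes using the getrandom syscall in non-blocking mode.
 * EAGAIN means the kernel has not initialized its pool yet; the caller is
 * told so and decides whether to wait, fail, or accept weaker output. */
enum rng_status fill_random_nonblock(unsigned char *dest, size_t len)
{
    size_t done = 0;

    while (done < len) {
        long n = syscall(SYS_getrandom, dest + done, len - done,
                         GRND_NONBLOCK);
        if (n < 0) {
            if (errno == EINTR)
                continue;               /* interrupted by a signal: retry */
            if (errno == EAGAIN)
                return RNG_NOT_SEEDED;  /* pool not initialized */
            if (errno == ENOSYS)
                return RNG_UNAVAILABLE; /* kernel lacks the syscall */
            return RNG_ERROR;
        }
        done += (size_t)n;              /* short reads are allowed */
    }
    return RNG_OK;
}

int main(void)
{
    unsigned char key[32];
    enum rng_status s = fill_random_nonblock(key, sizeof key);

    memset(key, 0, sizeof key);         /* do not leave key material behind */
    printf("getrandom(GRND_NONBLOCK) status: %d\n", (int)s);
    return s == RNG_OK ? 0 : 1;
}
```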

