[Python-Dev] RNG in the core

"Martin v. Löwis" martin at v.loewis.de
Wed Jan 4 09:02:14 CET 2012


> Well what if /dev/urandom is unavailable because the program is run
> e.g. in a chroot?

If the system ought to have /dev/urandom (as e.g. determined during
configure), I propose that Python fails fast, unless the command line
option is given that disables random hash seeds.

For the security fixes, we therefore might want to toggle the meaning
of the command line switch, i.e. only use random seeds if explicitly
requested.

> (or is /dev/urandom still available in a chroot?)

You can make it available if you want to: just create a /dev directory,
and do mknod in it. It's common to run /dev/MAKEDEV (or similar), or
to mount devfs into a chroot environment; else many programs run in the
chroot are likely going to fail (e.g. if /dev/tty is missing).

See, for example,

http://tldp.org/HOWTO/Chroot-BIND-HOWTO-2.html

bind apparently requires /dev/null and /dev/random.

Regards,
Martin
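
The fail-fast behaviour proposed in the message above, as an added example that is not part of the original post or of CPython: it returns seed bytes only if `dev/urandom` under the given root is a real character device, and otherwise exits with an error instead of falling back to a weaker seed. The names `check_node`, `read_seed` and `EntropySourceError` are hypothetical, and the 1:9 device number assumes Linux.

```python
import os
import stat
import sys

# Assumption: Linux device numbering, where /dev/urandom is char device 1:9.
URANDOM_DEV = (1, 9)


class EntropySourceError(RuntimeError):
    """Raised when no trustworthy urandom node is available."""


def check_node(st, expected=URANDOM_DEV):
    """Return None if st is the expected character device, else the reason."""
    if not stat.S_ISCHR(st.st_mode):
        return "not a character device"
    found = (os.major(st.st_rdev), os.minor(st.st_rdev))
    if found != expected:
        return "device %d:%d, expected %d:%d" % (found + expected)
    return None


def read_seed(root="/", nbytes=16):
    """Read nbytes from <root>/dev/urandom or fail; never fall back silently."""
    path = os.path.join(root, "dev", "urandom")
    try:
        # O_NONBLOCK keeps a stray FIFO at this path from hanging the open.
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError as exc:
        raise EntropySourceError("%s: %s" % (path, exc.strerror)) from exc
    try:
        # fstat the descriptor we will read from, so check and use agree.
        reason = check_node(os.fstat(fd))
        if reason:
            raise EntropySourceError("%s: %s" % (path, reason))
        data = os.read(fd, nbytes)
    finally:
        os.close(fd)
    if len(data) != nbytes:
        raise EntropySourceError("%s: short read" % path)
    return data


if __name__ == "__main__":
    try:
        seed = read_seed(sys.argv[1] if len(sys.argv) > 1 else "/")
    except EntropySourceError as exc:
        sys.exit("fatal: no usable entropy source: %s" % exc)
    print("read %d seed bytes" % len(seed))
```

Run with a chroot directory as its argument, it reports whether that tree has a usable node before anything is started inside it.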

