Skip to Content [alt-c]


In reply to LibreSSL's PRNG is Unsafe on Linux [Update: LibreSSL fork fix]

Reader zagam on 2016-06-15 at 04:34:

Linux is correct in that it uses a device file. This is the Unix way. To control access to resources everything should be a device file.

You can control who dumps entropy with group write access. However, it looks like any one can in Debian:

crw-rw-rw- 1 root root 1, 9 Jun 15 12:17 /dev/urandom

The ioctl(2) is just a side band of those files.

Need to bind mount more for the chroot or use containers.


Post a Reply

Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with > are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim (good for code).
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.