Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=python.org; s=200901; t=1405627955; bh=zs5zLM3mGHF+1xI1JYNn90y1bkxvkFTru+A8imSJ4Dc=; h=To:From:Subject:Date:References:In-Reply-To:From; b=mbKV0wb1/bFtjoc8tKiS0ZUXADJsQ5KZIVGTud6vy99YmN3T/Lqu9cnpCkiLW4Xwv Z1l8O28SJZt4hiakPfukcj7nEwnK6WBxI5+ncT97eSVW+pJKjQDHbzittPocUpaaNe gDm5Nkc7m5RpIYekTyeRxidTDSaj+gD607Sdeb04= X-Spam-Status: OK 0.002 X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'interpreter': 0.05; 'attack.': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'skip:/ 10': 0.09; 'subject:()': 0.09; 'wrapper': 0.09; 'python': 0.11; 'bug': 0.12; 'descriptor': 0.16; 'from:name:christian heimes': 0.16; 'received:80.91.229.3': 0.16; 'received:dip0.t-ipconnect.de': 0.16; 'received:plane.gmane.org': 0.16; 'received:t-ipconnect.de': 0.16; 'replaced.': 0.16; 'subject:patch': 0.16; 'from:addr:python.org': 0.16; 'wrote:': 0.18; 'subject:request': 0.19; 'header:User-Agent:1': 0.23; 'paul': 0.24; "i've": 0.25; 'tracker': 0.26; 'header:X-Complaints- To:1': 0.27; 'header:In-Reply-To:1': 0.27; 'feature': 0.29; 'code': 0.31; 'posting': 0.31; 'file': 0.32; 'open': 0.33; 'linux': 0.33; 'implemented': 0.33; 'could': 0.34; 'version': 0.36; 'too': 0.37; 'stopped': 0.38; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'received:org': 0.40; 'new': 0.61; 'further': 0.61; 'first': 0.61; 'soon': 0.63; 'became': 0.64; 'management': 0.65; 'url:17': 0.68; '3.4': 0.84; 'url:2014': 0.84; 'vulnerable': 0.84 X-Injected-Via-Gmane: http://gmane.org/ To: python-list@python.org From: Christian Heimes Subject: Re: patch request for os.urandom() Date: Thu, 17 Jul 2014 22:12:16 +0200 References: <7xlhrrkf6h.fsf@ruckus.brouhaha.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Gmane-NNTP-Posting-Host: p57aeefca.dip0.t-ipconnect.de User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0 In-Reply-To: <7xlhrrkf6h.fsf@ruckus.brouhaha.com> X-Enigmail-Version: 1.5.2 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 16 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1405627957 news.xs4all.nl 2925 [2001:888:2000:d::a6]:43443 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:74688 On 17.07.2014 20:34, Paul Rubin wrote: > Could os.urandom() be patched to use the new Linux getrandom() system > call on systems where it is available? Further info: > > http://lists.openwall.net/linux-kernel/2014/07/17/235 > > I've stopped posting to the Python bug tracker because the password > management issues became too annoying. > The feature will be implemented as soon as the first Linux distribution comes with a kernel version that supports the new syscall. By the way Python 3.4 is not vulnerable to fd exhaustion attack. The interpreter keeps an open file descriptor on /dev/urandom. The wrapper code ensures that the fd is not replaced.