
patch request for os.urandom()

Started by: Paul Rubin <no.email@nospam.invalid>
First post: 2014-07-17 11:34 -0700
Last post: 2014-07-17 22:12 +0200
Articles: 5 — 5 participants



Contents

  patch request for os.urandom() Paul Rubin <no.email@nospam.invalid> - 2014-07-17 11:34 -0700
    Re: patch request for os.urandom() Chris Angelico <rosuav@gmail.com> - 2014-07-18 04:44 +1000
    Re: patch request for os.urandom() Ned Deily <nad@acm.org> - 2014-07-17 12:37 -0700
    Re: patch request for os.urandom() Sturla Molden <sturla.molden@gmail.com> - 2014-07-17 21:54 +0200
    Re: patch request for os.urandom() Christian Heimes <christian@python.org> - 2014-07-17 22:12 +0200

#74668 — patch request for os.urandom()

From: Paul Rubin <no.email@nospam.invalid>
Date: 2014-07-17 11:34 -0700
Subject: patch request for os.urandom()
Message-ID: <7xlhrrkf6h.fsf@ruckus.brouhaha.com>

Could os.urandom() be patched to use the new Linux getrandom() system
call on systems where it is available?  Further info:

http://lists.openwall.net/linux-kernel/2014/07/17/235

I've stopped posting to the Python bug tracker because the password
management issues became too annoying.



#74671

From: Chris Angelico <rosuav@gmail.com>
Date: 2014-07-18 04:44 +1000
Message-ID: <mailman.11948.1405622692.18130.python-list@python.org>
In reply to: #74668

On Fri, Jul 18, 2014 at 4:34 AM, Paul Rubin <no.email@nospam.invalid> wrote:
> Could os.urandom() be patched to use the new Linux getrandom() system
> call on systems where it is available?  Further info:
>
> http://lists.openwall.net/linux-kernel/2014/07/17/235

Uhm... does that even exist in kernel trunk yet? That's pretty
amazingly new. I would guess Python doesn't want to start using
something like that until it's *at least* appeared in a released
kernel; although of course you're welcome to run a patched Python on a
patched Linux to make use of this.

Trouble with that seems to be that it's reducing code paths from two
to... two. Instead of having a seldom-used code path for the fall-back
when there's no fd available, you instead have an alternate code path
for the fall-back when getrandom() doesn't exist. But if the Linux
guys decide to implement this, then you can take it to python-dev with
"This is supported by Linux 3.x.y" (or probably "Linux 3.x"), and
preferably a patch that includes something in ./configure to probe for
availability. Patches speak louder than words :)

ChrisA



#74682

From: Ned Deily <nad@acm.org>
Date: 2014-07-17 12:37 -0700
Message-ID: <mailman.11956.1405625892.18130.python-list@python.org>
In reply to: #74668

In article <7xlhrrkf6h.fsf@ruckus.brouhaha.com>,
 Paul Rubin <no.email@nospam.invalid> wrote:
> I've stopped posting to the Python bug tracker because the password
> management issues became too annoying.

Can you elaborate on the problems you are having?

-- 
 Ned Deily,
 nad@acm.org



#74686

From: Sturla Molden <sturla.molden@gmail.com>
Date: 2014-07-17 21:54 +0200
Message-ID: <mailman.11958.1405626907.18130.python-list@python.org>
In reply to: #74668

On 17/07/14 20:34, Paul Rubin wrote:
> Could os.urandom() be patched to use the new Linux getrandom() system
> call on systems where it is available?

/dev/urandom exists on other Unix-like systems as well.

Right now os.urandom only uses special system calls on Windows.

Sturla





#74688

From: Christian Heimes <christian@python.org>
Date: 2014-07-17 22:12 +0200
Message-ID: <mailman.11960.1405627956.18130.python-list@python.org>
In reply to: #74668

On 17.07.2014 20:34, Paul Rubin wrote:
> Could os.urandom() be patched to use the new Linux getrandom() system
> call on systems where it is available?  Further info:
> 
> http://lists.openwall.net/linux-kernel/2014/07/17/235
> 
> I've stopped posting to the Python bug tracker because the password
> management issues became too annoying.
> 

The feature will be implemented as soon as the first Linux distribution
comes with a kernel version that supports the new syscall. By the way,
Python 3.4 is not vulnerable to the fd exhaustion attack. The interpreter
keeps an open file descriptor on /dev/urandom. The wrapper code ensures
that the fd is not replaced.
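
The two code paths discussed in this thread, as an added example that is not part of any post and is not CPython's own implementation: try getrandom() first, fall back to the device file only when the kernel reports ENOSYS, and observe that the fall-back alone fails with EMFILE once the process has no free descriptors. `urandom_compat` and `with_no_free_fds` are hypothetical helpers; the sketch assumes a Unix-like system and uses `os.getrandom()` where the running Python provides it (Python 3.6+ on Linux).

```python
import errno
import os
import resource

def _read_exact(read, n):
    """Call read(k) until n bytes are collected; either source may return short."""
    buf = b""
    while len(buf) < n:
        chunk = read(n - len(buf))
        if not chunk:
            raise OSError(errno.EIO, "random source returned no data")
        buf += chunk
    return buf

def urandom_compat(n, getrandom=getattr(os, "getrandom", None),
                   device="/dev/urandom"):
    """Hypothetical helper: return (bytes, source), preferring getrandom()."""
    if getrandom is not None:
        try:
            return _read_exact(getrandom, n), "getrandom"
        except OSError as exc:
            if exc.errno != errno.ENOSYS:  # ENOSYS: kernel lacks the syscall
                raise
    fd = os.open(device, os.O_RDONLY)      # fall-back needs a free descriptor
    try:
        return _read_exact(lambda k: os.read(fd, k), n), device
    finally:
        os.close(fd)

def with_no_free_fds(func):
    """Hypothetical helper: run func() with this process's fd table full."""
    held = [os.open(os.devnull, os.O_RDONLY)]
    soft, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    low = soft if 0 <= soft < 64 else 64   # lower only the soft limit
    resource.setrlimit(resource.RLIMIT_NOFILE, (low, hard))
    try:
        try:
            while True:
                held.append(os.dup(held[0]))
        except OSError:
            pass                           # EMFILE: no descriptors left
        try:
            return func()
        except OSError as exc:
            return exc                     # hand the failure back to the caller
    finally:
        for fd in held:
            os.close(fd)
        resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
```

Passing a stub as `getrandom` lets the ENOSYS fall-back be exercised on a kernel that does have the syscall.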
