From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 120013 invoked by alias); 14 Aug 2015 14:17:34 -0000 Mailing-List: contact glibc-bugs-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: glibc-bugs-owner@sourceware.org Received: (qmail 119944 invoked by uid 48); 14 Aug 2015 14:17:32 -0000 From: "nmav at redhat dot com" To: glibc-bugs@sourceware.org Subject: [Bug libc/17252] getrandom and getentropy syscall Date: Fri, 14 Aug 2015 14:17:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: glibc X-Bugzilla-Component: libc X-Bugzilla-Version: unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: enhancement X-Bugzilla-Who: nmav at redhat dot com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at sourceware dot org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: security- X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://sourceware.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2015-08/txt/msg00326.txt.bz2 https://sourceware.org/bugzilla/show_bug.cgi?id=17252 Nikos Mavrogiannopoulos changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nmav at redhat dot com --- Comment #6 from Nikos Mavrogiannopoulos --- There is a very long and interesting discussion at the thread above that is very high level, but there is nothing to the point for this API. At the moment the Linux kernel offers a new system call getrandom() which solves several problems of /dev/urandom approach (see [0] for some affecting gnutls), but userspace cannot access it in reasonable way. syscall() is not a reasonable way. To clarify; until now userspace is using autoconf macros to detect capabilities, e.g., a function in libc, libwhatever. With the approach of having useful kernel calls which don't map to libc we are unfortunately breaking this detection and forcing them to do some compile/runtime detection of system calls(?). That's pretty ugly. My suggestion would be for glibc to duplicate the OpenBSD API [1], and not provide any API for kernels without this capability (you can't duplicate these semantics). The whole reason, for this system call is that the semantics of /dev/urandom were too unreliable to simulate a getrandom() function. Nevertheless, I wouldn't object in any other solution which brings the system call. I just believe that this system call to is too good to ignore for so long. [0]. https://bugzilla.redhat.com/show_bug.cgi?id=1253474 [1]. http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man2/getentropy.2?query=getentropy&sec=2 -- You are receiving this mail because: You are on the CC list for the bug.