reopen 13768
thanks

Andy Wingo <wi...@pobox.com> writes:

> On Wed 20 Feb 2013 00:38, Jan Schukat <shoo...@email.de> writes:
>
>> What happens is, in random.c in random_state_of_last_resort on line 668
>> scm_getpid is used to seed the random generator. So either a
>> preprocessor switch or a hand constructed scm like in scm_getpid
>> (scm_from_ulong(getpid())) should be used there.
>
> Fixed, thanks for the report.

This has potential security implications. If the same program is run
multiple times in the same second, then without something like a PID,
there's a significant danger that two runs of the program will use the
same random seed. Therefore, I think we ought to try hard to ensure that
something like a PID will always be included in this seed. Perhaps
'scm_getpid' should be included even when building --without-posix.

At the very least, the documentation (which currently claims that the
PID is included in the random-state-of-last-resort) should be adjusted
to reflect the new reality. I just took care of that.

Thanks,
Mark