Ben Longbons wrote:
> Dear Maintainer,
Hi Ben,
> Zsh just repeats the same number when $RANDOM is requested in fresh
> subshells. In general, this sort of bug is a security vulnerability,
> though I'm not aware of anyone doing security-sensitive stuff in zsh.
This works exactly as documented and is therefore not a bug:
RANDOM <S>
A pseudo-random integer from 0 to 32767, newly generated each
time this parameter is referenced. The random number generator
can be seeded by assigning a numeric value to RANDOM.
The values of RANDOM form an intentionally-repeatable
pseudo-random sequence; subshells that reference RANDOM will
result in identical pseudo-random values unless the value of
RANDOM is referenced or seeded in the parent shell in between
subshell invocations.
This comes up on zsh's mailing list every once in a while. Here is a
recent-ish thread: http://www.zsh.org/mla/workers/2015/msg00549.html
> bash handles this correctly in variables.c by checking
> `subshell_environment && seeded_subshell != pid` on every call and
> reseeding then; it would also be possible to use `pthread_atfork` (or,
> since the forking is entirely within the main executable, just the
> manual equivalent at the call site).
There is no standard that mandates how $RANDOM should behave. So this
boils down to "zsh is no bash".
Regards, Frank
