On 02/06/15 02:34, Georg Koppen wrote:
Hi,
inline is a patch to avoid using /dev/random on Windows in ssp.c. If it
is getting used there might be a local malicious process supplying fake
random values (e.g. via C:\dev\random) rendering SSP useless.
Comments/review are much appreciated. The patch is against the 4.9 branch:
From 372698ef051b776cc30e9ebd2aac7291c19ff506 Mon Sep 17 00:00:00 2001
From: Erinn Clark <er...@torproject.org>
Date: Wed, 12 Mar 2014 16:09:10 +0100
Subject: [PATCH] Don't use /dev/random on Windows, because it is not a
thing.
Apart from that some process might be able to supply fake
random data with e.g. c:\dev\urandom rendering SSP useless.
This patch was written by skruffy, thanks!
Thanks. I've written a ChangeLog for this change and installed it on
the trunk.
Jeff
