Hi! > Question: Is there a nonzero chance of a PHP application running at boot > time on an older GNU/Linux machine? If so, should we adopt this "unseeded > CSPRNG" mitigation employed by libsodium for ancient Linux kernels? > > https://github.com/jedisct1/libsodium/issues/374 > https://github.com/jedisct1/libsodium/commit/c752eb55d9e9992bc38e7790128953427aa0a89f > > This could be done as a security patch for PHP 7.0.x if there's any concern > about startup entropy e.g. on embedded devices.
If they're running Linux kernel that deserves to be called "ancient", wouldn't they also run old PHP? In any case, from the problem description, it looks like the problem happens "on early boot". I don't see how you can get to run PHP code before you get way, way beyond early boot. > I'm not aware of any such projects being written in PHP, so my intuition is > this is a non-issue for us. I agree, this appears to be non-issue for PHP. -- Stas Malyshev smalys...@gmail.com -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
