On Fri, Mar 28, 2003 at 10:55:34AM +0100, Axel Andersson wrote:
> I'm writing an SSL daemon that for security reasons does a chroot(2) to its own
> little root. When chrooted, it obviously cannot open /dev/random or /dev/urandom
> when I do SSL operations. Is there a way I can open these for OpenSSL before
> chrooting, or do I have to recreate them under my root directory?
You cannot open them for OpenSSL, but you can handle the problem yourself.

OpenSSL will only query /dev/*random once, the first time random numbers are generated. During initialization, before stepping into the chroot jail, execute RAND_status() to trigger this process. OpenSSL will then open, read, close.

If you want your process to continue querying random numbers during runtime, you have to manage this yourself anyway (OpenSSL won't do it for you). Open the file on startup (before entering the chroot jail), keep it open all the time and, at your disposal, read some bytes from the file and feed them to OpenSSL using RAND_add().

Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]