(trimming the Cc list on purpose) Theo de Raadt <[email protected]> writes:
>> > Stuart Henderson <[email protected]> wrote: >> > >> >> I'm not sure if the stubs/fallback code are necessary, does anyone have >> >> information about the arc4random implementation on other OS behave? >> > >> > FreeBSD prior to 10.0 does not automatically stir on fork(). >> > This affects all current FreeBSD production releases. >> >> Current NetBSD doesn't either, as you've already said. I think we >> should provide patches that upstream can integrate easily, and poke >> existing implementations so that they behave correctly. Else I fear >> that arc4random might become a problem rather than the helpful solution >> it is right now. > > Look. Everyone has bugs in their libc, all the way through their > tree. We don't help them there. They don't help us either. > > Fine, feel free to feed them diffs, but I don't think this is *our* > responsibility. They failed to keep up, and for gods sake, they all > still contain /dev/random opens with non-threadsafe and non-chroot-safe > code. I've never suggested that I was going to send them diffs. The only thing that is needed, imho, is to point them at their limitations so that one day the OpenBSD ports tree and third-party projects don't have to suffer from those. > It's like they forked -r1.1 and called it a lifetime. Indeed... -- jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494
