On Fri, Nov 15 2024, Heinrich Schuchardt <heinrich.schucha...@canonical.com> wrote:

>> >
>> > Linking against libbsd might be an alternative on older systems.
>>
>> Or use getrandom(), which according to the man page has been exposed via
>> glibc since glibc 2.25. Or just read from /dev/urandom which should work
>> everywhere.
>>
>> Rasmus
>>
>
>
> /dev/urandom is not available in containers.

What container runtime doesn't provide such basic nodes to containers? Is
/dev/null also not available in those containers? Strange.

And how, in that case, would the C library (or libbsd, or whatever
implements arc4random) then actually obtain random bytes to hand out or
seed its internal state?

Using arc4random() or rand48() or xkcd221() doesn't fix lack of access to
proper random numbers, it may just hide the problem and silence some
static checker that knows "random() is bad!", but doesn't know that
arc4random() might be just as bad if used in a crippled environment.

Rasmus
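
Added example, not code from this thread or from the project under discussion: one way to take bytes from getrandom() with a /dev/urandom fallback, the two sources named in the quoted text, and to return an error when neither is reachable so the lack of randomness is not hidden. The names `fill_random` and `fill_from_urandom` are hypothetical.

```c
/* Added example: fill a buffer from the kernel CSPRNG and fail loudly
 * if no source is reachable. Function names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/random.h>   /* getrandom(), exposed by glibc since 2.25 */
#include <sys/types.h>
#include <unistd.h>

/* Fallback: read from /dev/urandom, retrying on EINTR and short reads. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;                 /* node missing in this environment */
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n > 0)
            done += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;
        else
            break;                 /* EOF or hard error */
    }
    close(fd);
    return done == len ? 0 : -1;
}

/* Returns 0 on success, -1 if no kernel randomness could be obtained.
 * There is deliberately no fallback to rand()/time(): the caller must
 * see the failure instead of receiving predictable bytes. */
int fill_random(unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, 0);
        if (n > 0)
            done += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;
        else                       /* ENOSYS, EPERM, or other hard error */
            return fill_from_urandom(buf, len);
    }
    return 0;
}
```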