下面是原始网页http://seclists.org/oss-sec/2017/q2/32的快照。安全客与该网页作者无关,不对其内容负责。 刷新快照
oss-sec: Re: libxslt math.random issue
Home page logo

oss-sec mailing list archives

Re: libxslt math.random issue
From: fche () redhat com (Frank Ch. Eigler)
Date: Fri, 07 Apr 2017 13:50:40 -0400


Florian Weimer wrote:

FWIW, why is glibc not doing srand(RANDOMVECTOR) during startup... :/

The C standard does not allow it.

”
If rand is called before any calls to srand have been made, the same
sequence shall be generated as when srand is first called with a seed
value of 1.
”

Yes, but that does not imply that srand(1) needs to resolve to a
build-constant value.  https://gitlab.com/fche/randomer salts it with a
snippet from /dev/urandom, and stays POSIX-compatible & restartable.

- FChE


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]