Are macports builds prevented from accessing /dev/random ?
keybounce at gmail.com
Wed Jun 14 00:07:08 UTC 2017
On 2017-06-13, at 4:20 PM, Joshua Root <jmr at macports.org> wrote:
> On 2017-6-14 08:18 , Christopher Jones wrote:
>> Had a look into this. The ROOT source never explicitly opens /dev/random in read/write mode. Only read only.
>> However, it also uses a number of external library calls, like std::rand(), and my best bet is one of these is doing it. As writing to /dev/random is allowed, to update the entropy pool, I don’t think this in itself is an issue.
>> So is it OK to add /dev/random to the allowed locations for the sandbox ?
> Yes, that would be fine.
> I had a look at the xnu source by the way, and writing to /dev/random on Darwin is indeed equivalent to writing to /dev/null; the kernel doesn't use the written data in any way.
> - Josh
Odd. The manual states: "To add entropy to the random generation system, open /dev/random for writing and write data that you believe to be somehow random."
In the past, on Linux systems, I would have a shutdown script that pulled 512 bytes out of /dev/random and saved it in a file; on restart, it would be put back into /dev/random. But that was when it was actually possible to modify /etc/rc and run stuff at startup.
So in Xnu, how do you ensure random data in the entropy pool? How do you seed the random numbers so that there's some ... randomness?
(rc.local is way too late to adjust system startup. And launchd/init wants to have some sort of hard-coded startup functions that you can't alter).
Entertaining minecraft videos
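The save-and-restore seed script described in the post, as an added example that is not part of the thread (the 512-byte size is the one the post mentions; the seed file path, the optional DEVICE argument and the function names are assumptions):

```sh
#!/bin/sh
# Added example, not code from the thread. Assumes a POSIX sh with dd, wc
# and tr. SEED_BYTES follows the 512 bytes the post describes.
SEED_BYTES=512

# save_seed FILE [DEVICE]: read SEED_BYTES from DEVICE (default /dev/random)
# into FILE, created mode 0600 so the saved seed is not world-readable.
# bs=1 makes dd tolerate short reads, which /dev/random can return.
save_seed() {
    file=$1
    dev=${2:-/dev/random}
    umask 077
    dd if="$dev" of="$file" bs=1 count="$SEED_BYTES" 2>/dev/null || return 1
    [ "$(wc -c < "$file" | tr -d ' ')" -eq "$SEED_BYTES" ]
}

# restore_seed FILE [DEVICE]: write the saved seed back into DEVICE at boot,
# then immediately replace FILE with fresh bytes so the same seed is never
# fed in twice after an unclean shutdown.
# Caveats: on Linux an unprivileged write to /dev/random mixes the bytes into
# the pool but does not raise the kernel's entropy estimate (that needs the
# RNDADDENTROPY ioctl as root); on Darwin, per the reply above, the kernel
# discards the written data entirely, so this step is a no-op there.
restore_seed() {
    file=$1
    dev=${2:-/dev/random}
    [ -r "$file" ] || return 1
    dd if="$file" of="$dev" bs=1 count="$SEED_BYTES" 2>/dev/null || return 1
    save_seed "$file" "$dev"
}
```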