Changes between Version 2 and Version 3 of Ticket #59497, comment 12


Timestamp: Nov 4, 2019, 1:40:27 PM (5 years ago)
Author: Ionic (Mihai Moldovan)

  • Ticket #59497, comment 12

    v2 v3  
    3535So far, I have only briefly skimmed the OpenSSL (not -SSH) source code and didn't get into the nitty-gritty details of reseeding, including fetching random data from the system, but it looks like I have to in order to understand what it's doing and why it thinks that it can't gather system entropy.
    3636
    37 To that end, I wondered whether sandboxing could change access to (already opened) file descriptors, but that doesn't seem to be the case. Hence, should OpenSSL already have an open file descriptor to, say, `/dev/random`, that FD shouldn't be affected by enabling the sandbox retrospectively. This a commonly used technique, c.f., Chromium.
     37To that end, I wondered whether sandboxing could change access to (already opened) file descriptors or would be ignorant to that, but that (changing access) doesn't seem to be the case. Hence, should OpenSSL already have an open file descriptor to, say, `/dev/random`, that FD shouldn't be affected by enabling the sandbox retrospectively. This a commonly used technique, c.f., Chromium.
    3838
    3939OpenSSH 8.1p1 introduced a set of more complex IPC between master and child processes by means of not only opening up pipes between the processes, but also sending some data over them. This more complex handling is really the only actual change from 7.9p1 to 8.1p1, but at the same time doesn't explain any of the things experienced.
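
Review bot: the revised line 37 still states that enabling the sandbox does not change access to already-open file descriptors only as "doesn't seem to be the case", without saying how that was established. The conclusion about an open `/dev/random` descriptor rests on it, so the comment should name the test or documentation behind the observation. The two added qualifiers ("or would be ignorant to that" and "(changing access)") also leave "that" with more than one possible referent, and splitting the sentence in two would read more clearly. The carried-over sentence "This a commonly used technique, c.f., Chromium." is missing its verb.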