STINNER Victor added the comment:
"Trying to run the python interpreter in a chroot fails if /dev/urandom is not
present."
The workaround is simple: fix your chroot to correctly expose /dev/urandom in
the chroot. It's a common and known issue, no?
Since the issue is almost dead since 2 years
STINNER Victor added the comment:
I'm not sure that os.urandom() is correct on OpenBSD. I'm not sure that using
getentropy() is correct. getentropy() seems to be high quality but I understand
that there is a low quantity of entropy and it can block.
I don't know if arc4random() is better:
Nick Coghlan added the comment:
Victor, can this be closed following the changes to os.urandom() in 3.5 and 3.6
to avoid using a file descriptor in os.urandom() where feasible?
--
nosy: +ncoghlan
status: open -> pending
___
Python tracker
700eb415 added the comment:
From the OpenBSD random(4) man page:
The arc4random(3) function in userland libraries should be used instead, as it
works without the need to access these devices every time.
Theo just had a good talk on this issue here about why /dev/random needs
replacing here:
STINNER Victor added the comment:
The issue is about the case if /dev/urandom is not present. How is
arc4random() PRNG/CPRNG initialized if /dev/urandom is *not* present?
Can we rely on it if it only uses a poor seed?
700eb415 added the comment:
I'm not sure that arc4random() can be considered as coming from the OS.
We really have a couple options here. (1) Include a high quality pseudorandom
number function for every platform that doesn't provide the proper call (very
tedious and lots of places of
Changes by STINNER Victor victor.stin...@gmail.com:
--
title: Use arc4random under OpenBSD for os.urandom() -> Use arc4random under
OpenBSD for os.urandom() if /dev/urandom is not present
STINNER Victor added the comment:
title: Use syscall (eg. arc4random or getentropy) rather than /dev/urandom
when possible -> Use arc4random under OpenBSD for os.urandom()
For the usage getentropy(), I created a dedicated issue: #22585.
arc4random() should be avoided IMO, on many systems
STINNER Victor added the comment:
Hopefully this could then be used as a template for getrandom() when
implemented on Linux.
Sorry, what is getrandom()?
Linux 3.17 has a new getrandom() syscall, but the C API is not defined yet (see
the issue #22181). OpenBSD 5.6 will have a getentropy()