On Tue, Apr 19, 2022 at 11:33 AM Bernhard Reutner-Fischer <rep.dot....@gmail.com> wrote:
> I was not referring to the startup scripts but to the possibility that
> we read data from the path /dev/random, close the fd and only later
> open it again for issuing the ioctl. The first read could easily hit a
> file with e.g. c 1 5, i.e. zero to inject non-random data into the pool.
> This would be avoided if we'd open random only once (and even ensure it
> really is the random chardev) and issue the ioctl on this very fd.
If an unprivileged process can modify files in /dev, all bets are off.
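
The approach described in the quoted message (open the device once, confirm it really is the random character device, and keep using that descriptor), sketched as an added example that is not code from this thread or from BusyBox. The helper name `open_verified_chardev` is hypothetical, and the Linux device numbers 1,8 for /dev/random are an assumption of the example (the thread itself only gives c 1 5 for zero).

```c
/* Added example (not BusyBox code): open once, verify the node, reuse the fd. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/sysmacros.h>
#include <unistd.h>

/* Assumed Linux device numbers: /dev/random is "c 1 8", /dev/zero is "c 1 5". */
#define MEM_MAJOR    1
#define RANDOM_MINOR 8

/* Hypothetical helper: returns an fd proven to be char device maj:min, or -1. */
int open_verified_chardev(const char *path, unsigned maj, unsigned min)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOCTTY);

    if (fd < 0)
        return -1;
    /* fstat() inspects the object that was actually opened, not whatever the
     * path resolves to at some later point, so there is no check/use gap. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode) ||
        major(st.st_rdev) != maj || minor(st.st_rdev) != min) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    unsigned char buf[32];
    int fd = open_verified_chardev("/dev/random", MEM_MAJOR, RANDOM_MINOR);

    if (fd < 0) {
        fprintf(stderr, "/dev/random is missing or is not the c 1 8 node\n");
        return 1;
    }
    /* Every later operation (this read, and the ioctl the thread mentions)
     * goes through the same fd; the path is never opened a second time. */
    if (read(fd, buf, sizeof(buf)) != (ssize_t)sizeof(buf)) {
        close(fd);
        return 1;
    }
    printf("read %zu bytes from verified fd %d\n", sizeof(buf), fd);
    close(fd);
    return 0;
}
```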