On Sat, Apr 30, 2022 at 11:19 PM Denys Vlasenko <vda.li...@googlemail.com> wrote: > Thank you for the explanation. I re-adding the fsync > and adding a comment. Please take a look at current git.
Oh god, what have you done? You have butchered seedrng into garbage. I do not agree with the changes you made. You've removed important error handling in ways that make certain intended use cases absolutely impossible. Please revert your changes, which you made mid-discussion here with no agreement reached. Then you can interact on the mailing list by sending patches and discussing them. If not -- if you want to keep tumbling down this monstrous route that you're on -- my participation here ends entirely, and my advice will be to avoid busybox because its maintainer is a wreckless cowboy. Just from a cursory look: - You removed the return value check on fsync(dfd), which means the check is worthless and introduces a security vulnerability. - You haven't responded to my messages regarding the importance of returning proper error codes and appear to have removed them entirely now? - Your comment about reads from /dev/urandom depleting the entropy pool isn't correct. (Plus you used an inconsistent type of comment with bad indentation. Did you even check your work?) - You completely ignored the `MAX_SEED_LEN = 256` change from the patch that this thread is actually about, which means there's no resolution for that issue. Plus you didn't respond to my email where I discussed various solutions for that matter. Did you read the patch I sent? Jason _______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox
