Package: apache2-utils
Version: 2.2.9-7
Severity: minor

Greetings,

Having recently upgraded from a relatively old apache 1.3-era package I have found a quick script I wrote to periodically synchronise passwords had become unreliable. Further investigation reveals that htpasswd invoked from this script around 50 times blocks for long periods. It previously took trivial time (very much less than one second).

Running strace, I see:

$ strace htpasswd -c -b testfile testuser testpass
[much output]
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="gamma", ...}) = 0
brk(0) = 0x804c000
brk(0x806d000) = 0x806d000
stat64("testfile", 0xbfb4f970) = -1 ENOENT (No such file or directory)
open("testfile", O_WRONLY|O_CREAT|O_LARGEFILE, 0666) = 3
close(3) = 0
open("/dev/random", O_RDONLY) = 3
read(3,

Clearly I'm entropy-starved. However, I'd question whether a tool such as htpasswd cannot do with /dev/urandom. Delving into the code, it uses it to seed rand(3) so it clearly does not use /dev/random for any purpose where pure entropy is required. Previously it had used time(2) -- this change to use a blocking function in the APR is the source of the regression.

Cheers,
Joseph

-- System Information:
Debian Release: lenny/sid
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages apache2-utils depends on:
ii libapr1 1.2.12-4 The Apache Portable Runtime Librar
ii libaprutil1 1.2.12+dfsg-8 The Apache Portable Runtime Utilit
ii libc6 2.7-13 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8g-13 SSL shared libraries

apache2-utils recommends no packages.

apache2-utils suggests no packages.

-- no debconf information
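The blocking read shown in the strace above, and the /dev/urandom alternative the report asks about, as an added C example that is not part of the original message and is not htpasswd or APR code. It polls /dev/random without consuming bytes to tell whether a read would hang, then seeds rand(3) from /dev/urandom; the function names read_full, random_would_block and seed_rand_nonblocking are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Read exactly len bytes from path, retrying on EINTR and short reads; 0 on success, -1 on error or EOF. */
static int read_full(const char *path, void *buf, size_t len) {
    unsigned char *p = buf;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) { close(fd); return -1; }
        p += n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}

/* 1 if a read from /dev/random would block right now, 0 if data is ready, -1 on error. Consumes no bytes. */
int random_would_block(void) {
    struct pollfd pfd = { .events = POLLIN };
    pfd.fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (pfd.fd < 0) return -1;
    int r = poll(&pfd, 1, 0);          /* zero timeout: just ask, never wait */
    close(pfd.fd);
    return r < 0 ? -1 : !(pfd.revents & POLLIN);
}

/* Seed rand(3) from /dev/urandom, which does not block on Linux. */
int seed_rand_nonblocking(void) {
    unsigned int seed;
    if (read_full("/dev/urandom", &seed, sizeof seed) != 0)
        return -1;
    srand(seed);
    return 0;
}

int main(void) {
    printf("/dev/random would block: %d\n", random_would_block());
    return seed_rand_nonblocking() == 0 ? 0 : 1;
}
```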