Hi. Because uClibc and Glibc have moved ssp to rtld (ld.so), arc4random can't
be used with ssp anymore (without moving arc4random to ld.so). This isn't a
big deal, but it makes arc4random optional. I personally plan to keep using
the arc4random library since a number of BLFS packages can use it, but since
nothing depends on it I'm not sure if it belongs in the book. I can put it in
the entropy hint.
The pseudo_random patch will also be optional, and also kept in the entropy
hint. Nothing will depend on it.
uClibc and Glibc use /dev/urandom, and it's optional for both. The other option
is to use static canary values (not suggested, but it performs better). By
patching the kernel, a simple sed command can have them use /dev/erandom. The
kernel guys have fixed urandom so that the entropy loss isn't as serious as
it was before; but for servers with little or no keyboard or mouse input
erandom is best. I'll also have patches for sysctl {e,u}random in the entropy
hint for users/administrators who don't keep /dev/{e,u}random in their
chroots.
This is all just as good as before, but more flexible, and fewer patches will
be in the book.
robert
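The choice discussed in the message above (a canary read from a random device versus a static value, and what happens in a chroot that lacks the device node), as an added example that is not part of the original post and is not uClibc or Glibc code. The names `guard_setup` and `static_guard` and the fallback byte pattern are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum guard_source { GUARD_RANDOM, GUARD_STATIC };

/* Static fallback (constructed for this example): NUL, LF and 0xFF in the
 * lowest-addressed bytes, values that terminate most string copies. */
static uintptr_t static_guard(void)
{
    uintptr_t g = 0;
    unsigned char *p = (unsigned char *)&g;
    p[1] = '\n';
    p[2] = 0xFF;
    return g;
}

/* Hypothetical helper: fill *guard from `device`; if the node is missing or
 * short (e.g. a chroot without /dev/urandom), use the static value and say so. */
enum guard_source guard_setup(const char *device, uintptr_t *guard)
{
    int fd = open(device, O_RDONLY);
    if (fd >= 0) {
        unsigned char buf[sizeof(*guard)];
        size_t got = 0;
        while (got < sizeof(buf)) {
            ssize_t n = read(fd, buf + got, sizeof(buf) - got);
            if (n < 0 && errno == EINTR) continue;  /* interrupted: retry */
            if (n <= 0) break;                      /* error or EOF */
            got += (size_t)n;
        }
        close(fd);
        if (got == sizeof(buf)) {
            memcpy(guard, buf, sizeof(buf));
            return GUARD_RANDOM;
        }
    }
    *guard = static_guard();
    return GUARD_STATIC;
}

int main(void)
{
    uintptr_t g;
    enum guard_source src = guard_setup("/dev/urandom", &g);
    printf("%s guard: %#lx\n", src == GUARD_RANDOM ? "random" : "static",
           (unsigned long)g);
    return 0;
}
```

Returning the source lets a caller log or refuse the silent downgrade to a predictable canary when the device node is absent.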