I'm getting no failures now from Glibc test suite now, with the 2.6.20 headers and I used --host/build/target=i486-pc-linux-gnu, and I'm not sure why. Some of the -fno flags in chapter6 might be overkill now.
I've made a new arc4random patch, here: http://www.linuxfromscratch.org/~robert/new/glibc-2.5-arc4_prng.diff6 It's a bit better than the old one, and was rejected upstream. Drepper suggests putting it in a separate library, however no packages are configured to try using -larc4random, so I think putting it in libc is more practical. This patch also adds --with-prng-device to configure, so you can tell ssp and arc4random to use /dev/urandom, /dev/erandom, or whatever. RANDOM_ERANDOM sysctl is detected by configure, and uses it in arc4random() if your kernel headers are patched. Using sysctl erandom with ssp involves adding sysctl() to ld.so, so I didn't. Having ssp use arc4random for backup involves similar problems. The ssp code in glibc-cvs uses high precision timing if /dev/urandom fails, and I can add that with a separate patch. This patch adds arc4random for tempname.c for the mktemp() family, and to res_init.c, res_mkquery.c, and bindrsvprt.c for resolver randomization (Glibc uses gettimeofday/getpid without the patch). I improved the arc4_stir() function a bit. If sysctl and /dev fail, it takes advantage of uninitialized variables of the rnd[] array. gettimeofday/getpid are only used to replace elements which are equal to 0, and they're added to the value of the previous element. About 50% of the elements will use whatever was in the stack space. So arc4random() should provide good quality random numbers even under the worst conditions. If two arc4random() functions are run in the same instant with sequential pid numbers, the output will be completely different. It looks like the Linux kernel will be removing the sysctl syscall one day, because they believe no one uses it and they don't want to continue maintaining it. I think it's a shame because it's a single syscall that also works through a chroot, while opening, reading, and closing /proc/sys/file is three syscalls and does not work in chroot. It still works for the moment, but Glibc is going to start issuing link-time warnings that sysctl() is obsolete. robert
pgpxyH8iNVK4W.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
