On Sun, May 22, 2016 at 7:04 AM, Stanislav Malyshev <smalys...@gmail.com> wrote: > Hi! > >> Question: Is there a nonzero chance of a PHP application running at boot >> time on an older GNU/Linux machine? If so, should we adopt this "unseeded >> CSPRNG" mitigation employed by libsodium for ancient Linux kernels? >> >> https://github.com/jedisct1/libsodium/issues/374 >> https://github.com/jedisct1/libsodium/commit/c752eb55d9e9992bc38e7790128953427aa0a89f >> >> This could be done as a security patch for PHP 7.0.x if there's any concern >> about startup entropy e.g. on embedded devices. > > If they're running Linux kernel that deserves to be called "ancient", > wouldn't they also run old PHP? In any case, from the problem > description, it looks like the problem happens "on early boot". I don't > see how you can get to run PHP code before you get way, way beyond early > boot. > >> I'm not aware of any such projects being written in PHP, so my intuition is >> this is a non-issue for us. > > I agree, this appears to be non-issue for PHP.
Same thinking here => we're not concerned. Julien.Pauli -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
