>I have a web program that attempts to access /dev/urandom from within the
>/var/www chroot. Based on archive searches and googling, I've removed
>the nodev flag from that mount and have created the random devices in
>/var/www/dev/*

So basically remove a layer of security. Awesome. See what they made you do? The /dev/*random nodes are not specified in any standard; furthermore, once you get into chroot all bets are off (like you discovered).

>This allows the program to work, but I'm wondering if there is a better
>way to do this that doesn't involve removing the nodev setting from
>/var.

Rewrite it so that it uses other ways to get randomness. The arc4random API is exposed in various programming layers.

>Would it be preferable to use a language function for getting pseudo
>random bytes instead of relying on the device?

Yes. Definitely.
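
As an added illustration that is not part of the original thread, and assuming the web program is written in C: random bytes can be obtained inside the chroot with no device node at all, so nodev can stay set. The helper names `random_bytes` and `random_hex_token` are hypothetical; `arc4random_buf()` is used on the BSDs and `getentropy()` elsewhere.

```c
#include <stdio.h>
#include <stdlib.h>   /* arc4random_buf() on the BSDs */
#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(__NetBSD__)
#define USE_ARC4RANDOM 1
#else
#include <sys/random.h>   /* getentropy() on Linux (glibc >= 2.25) */
#endif

/* Fill buf with len random bytes without opening /dev/urandom; 0 on success, -1 on failure. */
int random_bytes(void *buf, size_t len)
{
#ifdef USE_ARC4RANDOM
    arc4random_buf(buf, len);   /* never fails, needs no file descriptor */
    return 0;
#else
    unsigned char *p = buf;
    while (len > 0) {
        size_t n = len > 256 ? 256 : len;   /* getentropy() rejects > 256 bytes */
        if (getentropy(p, n) != 0)
            return -1;
        p += n;
        len -= n;
    }
    return 0;
#endif
}

/* Hypothetical helper: hex-encode nbytes random bytes into out (2 * nbytes + 1 chars). */
int random_hex_token(char *out, size_t nbytes)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char raw[64];
    if (nbytes > sizeof raw || random_bytes(raw, nbytes) != 0)
        return -1;
    for (size_t i = 0; i < nbytes; i++) {
        out[2 * i] = hex[raw[i] >> 4];
        out[2 * i + 1] = hex[raw[i] & 0x0f];
    }
    out[2 * nbytes] = '\0';
    return 0;
}

int main(void)
{
    char token[65];   /* 32 random bytes -> 64 hex chars + NUL */
    if (random_hex_token(token, 32) != 0) return 1;
    puts(token);
    return 0;
}
```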