Victor Duchovni:
> On Tue, Dec 29, 2009 at 11:44:01AM -0500, Wietse Venema wrote:
>
> > Is Postfix still the default MTA? If so then it is surprising
> > that this /dev/urandom bug was not found during testing.
>
> On my current 10.5 system, yes Postfix is still the default MTA, but:
>
> $ /usr/sbin/postconf -d tls_random_source
> tls_random_source =
>
> So Apple may have worked around the inconvenient security feature. :-(
>
> The first call to RAND_bytes() in OpenSSL will (it seems after a
> quick read of OpenSSL source code) call RAND_poll() once which reads
> "/dev/urandom", via poll() on Linux systems and select() on other
> Unix-like systems...

Postfix is already stuck with select() on MacOS for all other I/O
event handling, so we could safely remove poll() support from
Postfix when building for MacOS.

Wietse