Victor Duchovni:
> On Tue, Dec 29, 2009 at 11:44:01AM -0500, Wietse Venema wrote:
>
> > Is Postfix still the default MTA? If so then it is surprising
> > that this /dev/urandom bug was not found during testing.
>
> On my current 10.5 system, yes Postfix is still the default MTA, but:
>
>     $ /usr/sbin/postconf -d tls_random_source
>     tls_random_source =
>
> So Apple may have worked-around the inconvenient security feature. :-(
>
> The first call to RAND_bytes() in OpenSSL will (it seems after a
> quick read of OpenSSL source code) call RAND_poll() once which reads
> "/dev/urandom", via poll() on Linux systems and select() on other
> Unix-like systems...

Postfix is already stuck with select() on MacOS for all other I/O event handling, so we could safely remove poll() support from Postfix when building for MacOS.

Wietse
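
Added example, not part of the thread and not Postfix or OpenSSL code: a seed reader that waits on the random device with poll() and falls back to select() when poll() is unusable on that descriptor, failing closed on a short read. It assumes the failure shows up as a poll() error or POLLNVAL; the names ready_poll, ready_select and read_seed are hypothetical.

```c
#include <fcntl.h>
#include <poll.h>
#include <sys/select.h>
#include <unistd.h>

/* Both probes return 1 = readable, 0 = timed out, -1 = call unusable on this fd. */
int ready_poll(int fd, int timeout_ms)
{
    struct pollfd p = { .fd = fd, .events = POLLIN, .revents = 0 };
    int n = poll(&p, 1, timeout_ms);
    if (n < 0 || (p.revents & POLLNVAL))
        return -1;              /* error, or the kernel rejects this descriptor */
    return (n > 0 && (p.revents & POLLIN)) ? 1 : 0;
}

int ready_select(int fd, int timeout_ms)
{
    struct timeval tv = { .tv_sec = timeout_ms / 1000, .tv_usec = (timeout_ms % 1000) * 1000 };
    fd_set rd;
    if (fd < 0 || fd >= FD_SETSIZE) return -1;  /* select() cannot represent it */
    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    int n = select(fd + 1, &rd, NULL, NULL, &tv);
    return n < 0 ? -1 : (n > 0 && FD_ISSET(fd, &rd));
}

/* Fill buf with len bytes from path; 0 on success, -1 on any shortfall (fail closed). */
int read_seed(const char *path, unsigned char *buf, size_t len)
{
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    int ok = ready_poll(fd, 1000);
    if (ok < 0)
        ok = ready_select(fd, 1000);    /* fall back when poll() is unusable */
    while (ok == 1 && got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n <= 0) break;
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

int main(void)
{
    unsigned char seed[32];     /* constructed 32-byte request */
    return read_seed("/dev/urandom", seed, sizeof seed) ? 1 : 0;
}
```

A caller that gets -1 should refuse to start TLS rather than continue with an unseeded generator.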