On 18.11.2016 18:15, Clemens Gruber wrote: > It's probably a bad idea to just patch python for every PTXdist user. > Not everybody is willing to trade security for faster start times.
Judging from Python-3.5.0/Python/random.c:118, it will use the getrandom() syscall with flags=0, and according to the getrandom(2) man page, this will read from /dev/urandom, and also block if the nonblocking entropy pool is not initialized yet. (The man page also mentions explicitly that the random bytes returned by it can be used for cryptographic purposes, for all else, see Filippo Valsordas talk at 32c3 [0] ;-)) So, even if it does not solve the original problem (long boot times), I see nothing wrong with doing this for every user. [0]: https://www.youtube.com/watch?v=Q8JAlZ-HJQI > Besides, not having enough entropy will lead to other problems as well. Oh, could you please elaborate on that? :-) - Roland
signature.asc
Description: OpenPGP digital signature
_______________________________________________ ptxdist mailing list ptxdist@pengutronix.de
