Message277065
I modified Python 3.5, 3.6 and 3.7 to fall back on reading /dev/urandom when getrandom() syscall fails with EPERM.
Thanks for the bug report iwings!
Note: Python 2.7 does not use getrandom() and so is not impacted.
Christian:
> Did you open a bug with your vendor, too? QNAP is clearly violating Kernel APIs. getrandom() is not suppose to fail with EPERM.
I don't know if it can be seen as a violation of the Kernel API, but at least, it doesn't seem to be something smart to block getrandom() syscall. getrandom() was designed to enhance the security of applications ;-)
Nick:
> With #27778 implemented, there's also the question of how os.getrandom() will react to security policies that restrict access to the getrandom syscalls (vs just not having it available in the kernel).
This is no question: os.getrandom() of Python 3.6 is a thin wrapper on the syscall. If the syscall fails, the Python function raises an exception ;-) OSError(EPERM) on this case. |
|
Date |
User |
Action |
Args |
2016-09-20 20:56:29 | vstinner | set | recipients:
+ vstinner, ncoghlan, christian.heimes, python-dev, iwings |
2016-09-20 20:56:29 | vstinner | set | messageid: <1474404989.6.0.588871320322.issue27955@psf.upfronthosting.co.za> |
2016-09-20 20:56:29 | vstinner | link | issue27955 messages |
2016-09-20 20:56:29 | vstinner | create | |
|