This is the mail archive of the
mailing list for the GCC project.
Re: [PATCH] libssp should not use /dev/random on Windows
- From: Jeff Law <law at redhat dot com>
- To: Georg Koppen <gk at torproject dot org>, gcc-patches at gcc dot gnu dot org
- Date: Mon, 09 Feb 2015 18:44:52 -0700
- Subject: Re: [PATCH] libssp should not use /dev/random on Windows
- Authentication-results: sourceware.org; auth=none
- References: <54D48AB6 dot 3040703 at torproject dot org>
On 02/06/15 02:34, Georg Koppen wrote:
Thanks. I've written a ChangeLog for this change and installed it on
inline is a patch to avoid using /dev/random on Windows in ssp.c. If it
is getting used there might be a local malicious process supplying fake
random values (e.g. via C:\dev\random) rendering SSP useless.
Comments/review are much appreciated. The patch is against the 4.9 branch:
From 372698ef051b776cc30e9ebd2aac7291c19ff506 Mon Sep 17 00:00:00 2001
From: Erinn Clark <firstname.lastname@example.org>
Date: Wed, 12 Mar 2014 16:09:10 +0100
Subject: [PATCH] Don't use /dev/random on Windows, because it is not a
Apart from that some process might be able to supply fake
random data with e.g. c:\dev\urandom rendering SSP useless.
This patch was written by skruffy, thanks!