Not sure how a library is going to keep a caller from closing a descriptor - I've certainly seen people attempt to close them all in code before a fork, but that's probably pathological. However, that doesn't work across a re-exec, which would also be good practice in many situations (ASLR) - so having to keep a descriptor open to do this would actually discourage secure programming practices, because the library would screw you then. What's here will work in that case from the look of it (assuming sysctl is there, or the voodoo isn't really that bad; I can't tell myself yet... still looking).
It's reasonable to require that an exec in a chroot have a minimal /dev. If you execute a program in a broken environment, it breaks. That shouldn't be surprising.