patch request for os.urandom()
Christian Heimes
christian at python.org
Thu Jul 17 16:12:16 EDT 2014
On 17.07.2014 20:34, Paul Rubin wrote:
> Could os.urandom() be patched to use the new Linux getrandom() system
> call on systems where it is available? Further info:
>
> http://lists.openwall.net/linux-kernel/2014/07/17/235
>
> I've stopped posting to the Python bug tracker because the password
> management issues became too annoying.
>
The feature will be implemented as soon as the first Linux distribution
comes with a kernel version that supports the new syscall. By the way
Python 3.4 is not vulnerable to fd exhaustion attack. The interpreter
keeps an open file descriptor on /dev/urandom. The wrapper code ensures
that the fd is not replaced.
More information about the Python-list
mailing list