[Security-sig] Implementation of the PEP 524

Nick Coghlan ncoghlan at gmail.com
Wed Aug 17 12:39:58 EDT 2016


On 17 August 2016 at 03:28, Victor Stinner <victor.stinner at gmail.com> wrote:
> Hi,
>
> I wrote a first implementation of the PEP 524 (make os.urandom blocking):
>
> * https://bugs.python.org/issue27776 : "PEP 524: Make os.urandom()
> blocking on Linux"
> * https://bugs.python.org/issue27778 : "PEP 524: Add os.getrandom()"
>
> My patches are now waiting for your review :-)

Thanks for tackling this, Victor!

I'll do a proper review tomorrow (OK, technically, later today), but
could we take a slightly different approach to handling the new
"blocking" parameter in py_getrandom?

Specifically, I'd like to still make the initial call with
GRND_NONBLOCK, then have conditional handling of EAGAIN such that:

- if blocking is not set, it behaves as it does now
- if blocking *is* set, it prints a warning to stderr, before trying
again without the GRND_NONBLOCK flag

That would address the main problem I was worried about in PEP 522,
which is folks potentially being faced with an unexpected application
or service hang, and few clues about where to start in debugging it.

The only downside I see is needing two syscalls instead of one in the
blocking case, but I'd expect the "blocking" part to be the main delay
there, rather than the second syscall.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia


More information about the Security-SIG mailing list