Date: Sat, 23 Jul 2005 13:09:41 -0600 (MDT) From: "M. Warner Losh" <imp@bsdimp.com> To: grog@freebsd.org Cc: dougb@freebsd.org, freebsd-current@freebsd.org Subject: Re: cvs commit: src/games/fortune/fortune fortune.c Message-ID: <20050723.130941.93453281.imp@bsdimp.com> In-Reply-To: <20050723064449.GZ842@wantadilla.lemis.com> References: <20050723020120.GV842@wantadilla.lemis.com> <42E1DFCE.6090506@FreeBSD.org> <20050723064449.GZ842@wantadilla.lemis.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message: <20050723064449.GZ842@wantadilla.lemis.com> "Greg 'groggy' Lehey" <grog@freebsd.org> writes: : You should take a look at what I committed. It simply uses the : microsecond value returned by getlocaltime() for the automatic seeding : by srandomdev(). It fixes the problem. I can see only two : explanations: : : 1. srandomdev(), random(4) or friends are broken. : 2. random(4) has been initialized incorrectly. : : Currently I'm guessing (2), but I don't care much either way. When sradnomdev() is broken, *DO*NOT* kludge around them by committing half-baked "fixes" like you did. It is broken. We need to find out the *REAL* cause of the problem. If Rush gets more quotes than normal, and that annoys people to find the real problem, we shouldn't mask it. It is a really bad choice from a security point of view. Warner
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050723.130941.93453281.imp>