osrandom_engine should validate the fd's st_dev and st_ino

pyca / cryptography

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

https://cryptography.io

Other

6.63k stars 1.52k forks source link

osrandom_engine should validate the fd's st_dev and st_ino #2007

Closed tiran closed 9 years ago

tiran commented 9 years ago

CPython keeps a persistent fd to /dev/urandom, too. It also keeps the fd's st_dev and st_ino around and validates both before it reads from the fd. The extra check prevents tampering with the fd.

http://bugs.python.org/issue21207

reaperhulk commented 9 years ago

:+1:

reaperhulk commented 9 years ago

This issue is no longer relevant since we've landed #2073