Closed josephlr closed 1 month ago
@briansmith the above are really good point w.r.t. sandboxing. I think that it would be good to have general documentation along the lines of "before starting a sandbox, you should first successfully call getrandom() on a non-empty buffer". That should be good platform-agnostic advice, and will handle things like `LoadLibrary` and `libc::dlsym`.
More generally, this won't work inside many sandboxes, including Chromium's.
I think that this won't cause issues in some sandboxes provided that `ProcessPRNG` is already loaded. IIRC the sandbox only complains on loading a new dll, not upon looking up a symbol from an already loaded DLL. Regardless, having specific documentation will be good here.
@newpavlov and @briansmith this is now ready for review!
Use `ProcessPrng` on Windows 10 and up, and use `RtlGenRandom` on older legacy Windows versions. Don't use `BCryptGenRandom` due to stability issues.
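The pre-sandbox warm-up advice from the discussion above and the `ProcessPrng` choice in the PR description, shown together as an added example (this is not the getrandom crate's code): on Windows the function is resolved from `bcryptprimitives.dll` at runtime, so a first call on a non-empty buffer forces the library load before a sandbox can block it; on other platforms `/dev/urandom` stands in for `getrandom()`. The names `fill_random`, `warm_up_rng` and `rng_sanity_check` are this example's own.

```rust
use std::io;

/// Windows: resolve ProcessPrng once, then call it. The LoadLibrary step is
/// exactly what a sandbox may forbid, which is why the warm-up matters.
#[cfg(windows)]
pub fn fill_random(buf: &mut [u8]) -> io::Result<()> {
    use std::ffi::c_void;
    use std::sync::OnceLock;
    type ProcessPrngFn = unsafe extern "system" fn(*mut u8, usize) -> i32;
    #[link(name = "kernel32")]
    extern "system" {
        fn LoadLibraryA(name: *const u8) -> *mut c_void;
        fn GetProcAddress(module: *mut c_void, name: *const u8) -> *mut c_void;
    }
    static FUNC: OnceLock<Option<ProcessPrngFn>> = OnceLock::new();
    let f = FUNC.get_or_init(|| unsafe {
        let module = LoadLibraryA(b"bcryptprimitives.dll\0".as_ptr());
        if module.is_null() { return None; }
        let p = GetProcAddress(module, b"ProcessPrng\0".as_ptr());
        if p.is_null() { None } else { Some(std::mem::transmute::<*mut c_void, ProcessPrngFn>(p)) }
    });
    let f = f.ok_or_else(|| io::Error::new(io::ErrorKind::Unsupported, "ProcessPrng unavailable"))?;
    // ProcessPrng returns a BOOL; 0 means failure.
    if unsafe { f(buf.as_mut_ptr(), buf.len()) } == 0 { return Err(io::Error::last_os_error()); }
    Ok(())
}

/// Non-Windows stand-in for getrandom(): read the kernel CSPRNG device.
#[cfg(not(windows))]
pub fn fill_random(buf: &mut [u8]) -> io::Result<()> {
    use std::io::Read;
    std::fs::File::open("/dev/urandom")?.read_exact(buf)
}

/// Call this before entering a sandbox: a non-empty buffer forces the one-time
/// library load and symbol lookup, so later calls touch only loaded code.
pub fn warm_up_rng() -> io::Result<()> {
    let mut probe = [0u8; 1];
    fill_random(&mut probe)
}

/// Sanity check after sandboxing: two 32-byte draws should differ.
pub fn rng_sanity_check() -> io::Result<bool> {
    let (mut a, mut b) = ([0u8; 32], [0u8; 32]);
    fill_random(&mut a)?;
    fill_random(&mut b)?;
    Ok(a != b)
}

fn main() -> io::Result<()> {
    warm_up_rng()?;
    // ... drop privileges / enter the sandbox here ...
    println!("rng sane after sandboxing: {}", rng_sanity_check()?);
    Ok(())
}
```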