On Mon 25 Feb 2013 02:17, Mark H Weaver <m...@netris.org> writes:

> Andy Wingo <wi...@pobox.com> writes:
>
>> On Wed 20 Feb 2013 00:38, Jan Schukat <shoo...@email.de> writes:
>>
>>> What happens is, in random.c in random_state_of_last_resort on line 668
>>> scm_getpid is used to seed the random generator. So either a
>>> preprocessor switch or a hand constructed scm like in scm_getpid
>>> (scm_from_ulong(getpid())) should be used there.
>>
>> Fixed, thanks for the report.
>
> This has potential security implications. If the same program is run
> multiple times in the same second, then without something like a PID,
> there's a significant danger that two runs of the program will use the
> same random seed.

Our PRNG is not secure. We should not be making arguments from the
perspective of security. (I think including the PID is a good thing, but
not because of security.)

> Therefore, I think we ought to try hard to ensure that something like a
> PID will always be included in this seed. Perhaps 'scm_getpid' should
> be included even when building --without-posix.

Why don't we just add the result of getpid() without relying on the
scm_getpid() binding? All platforms have it.

> At the very least, the documentation (which currently claims that the
> PID is included in the random-state-of-last-resort) should be adjusted
> to reflect the new reality.

I just took care of that.

Thanks for following up. TBH though I would prefer that if you already
know the solution, to go ahead and fix it instead of writing a mail and
fixing the docs. Much easier on users (and developers :) if Guile just
does the right thing.

Andy
-- 
http://wingolog.org/
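The seed collision discussed in this thread, as an added example that is not part of the original message and is not Guile's random.c: two runs started in the same second get identical output from a time-only seed, while mixing in the result of getpid() separates them. The function names, the splitmix64 stand-in generator, and the sample timestamp and PIDs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

/* Hypothetical fallback seed built from the clock alone (1-second resolution). */
static uint64_t seed_time_only(time_t now) { return (uint64_t)now; }

/* Hypothetical fallback seed that also mixes in the PID. Multiplying by an
   odd constant is a bijection mod 2^64, so two distinct PIDs can never
   yield the same seed for the same timestamp. */
static uint64_t seed_time_and_pid(time_t now, long pid) {
    return (uint64_t)now ^ ((uint64_t)pid * 0x9E3779B97F4A7C15ULL);
}

/* splitmix64: a small NON-cryptographic generator used as a stand-in PRNG. */
static uint64_t splitmix64(uint64_t *state) {
    uint64_t z = (*state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Returns 1 if the first n outputs from both seeds are identical, else 0. */
static int same_stream(uint64_t seed_a, uint64_t seed_b, int n) {
    for (int i = 0; i < n; i++)
        if (splitmix64(&seed_a) != splitmix64(&seed_b))
            return 0;
    return 1;
}

int main(void) {
    time_t now = time(NULL);
    long pid_a = (long)getpid();
    long pid_b = pid_a + 1; /* constructed: a second run in the same second */

    printf("time only:  same stream = %d\n",
           same_stream(seed_time_only(now), seed_time_only(now), 8));
    printf("time + pid: same stream = %d\n",
           same_stream(seed_time_and_pid(now, pid_a),
                       seed_time_and_pid(now, pid_b), 8));
    /* Both inputs are guessable, so this only avoids accidental collisions
       between runs; it does not make the generator's output unpredictable. */
    return 0;
}
```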