Hi John,

On Mon, Sep 04, 2017 at 06:42:37PM +0200, John Hughes wrote:
> Sendmail, on start, closes all fd's above 2.
>
> Since sendmail is linked to libldap, which is linked to gnutls this means sendmail closes fd 3, on which gnutls has opened /dev/urandom.
>
> Later on in the sendmail run fd 3 gets reopened, and if a ldap function is called then gnutls unceremoniously closes the fd and reopens /dev/urandom.
>
> From sendmail's point of view it looks like one of its files has suddenly been replaced with random garbage!

I'm sorry for not responding to this for so long, but do you recall what release of Debian you saw this behaviour on?

I've been looking at this ticket again and it looks like in stretch (Debian 9) and later, GnuTLS uses the getrandom() system call and does not open/reopen anything. So I'm wondering whether you encountered this problem in stretch as well, or only in jessie - or whether getrandom() is for some reason not available on your setup and GnuTLS falls back to opening urandom.

If you still have the same problem on stretch or buster, I'd welcome any info about how to set up a system to reproduce it.

Thanks
Ryan
