STINNER Victor added the comment:

I modified Python 3.5, 3.6 and 3.7 to fall back on reading /dev/urandom when 
getrandom() syscall fails with EPERM.

Thanks for the bug report iwings!

Note: Python 2.7 does not use getrandom() and so is not impacted.


Christian:
> Did you open a bug with your vendor, too? QNAP is clearly violating Kernel 
> APIs. getrandom() is not suppose to fail with EPERM.

I don't know if it can be seen as a violation of the Kernel API, but at least, 
it doesn't seem to be something smart to block getrandom() syscall. getrandom() 
was designed to enhance the security of applications ;-)


Nick:
> With #27778 implemented, there's also the question of how os.getrandom() will 
> react to security policies that restrict access to the getrandom syscalls (vs 
> just not having it available in the kernel).

This is no question: os.getrandom() of Python 3.6 is a thin wrapper on the 
syscall. If the syscall fails, the Python function raises an exception ;-) 
OSError(EPERM) on this case.

----------
resolution:  -> fixed
status: open -> closed
versions: +Python 3.7 -Python 2.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27955>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to