STINNER Victor added the comment:

I modified Python 3.5, 3.6 and 3.7 to fall back on reading /dev/urandom when getrandom() syscall fails with EPERM.

Thanks for the bug report iwings!

Note: Python 2.7 does not use getrandom() and so is not impacted.

Christian:
> Did you open a bug with your vendor, too? QNAP is clearly violating Kernel
> APIs. getrandom() is not supposed to fail with EPERM.

I don't know if it can be seen as a violation of the Kernel API, but at least, it doesn't seem to be something smart to block getrandom() syscall. getrandom() was designed to enhance the security of applications ;-)

Nick:
> With #27778 implemented, there's also the question of how os.getrandom() will
> react to security policies that restrict access to the getrandom syscalls (vs
> just not having it available in the kernel).

This is no question: os.getrandom() of Python 3.6 is a thin wrapper on the syscall. If the syscall fails, the Python function raises an exception ;-) OSError(EPERM) in this case.

----------
resolution:  -> fixed
status: open -> closed
versions: +Python 3.7 -Python 2.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue27955>
_______________________________________
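
The situation discussed above, seen from an application that calls os.getrandom() directly: the thin wrapper raises OSError(EPERM) when a security policy blocks the syscall, and the caller falls back to reading /dev/urandom. This is an added example, not code from the CPython change; random_bytes, read_urandom_device and blocked_getrandom are hypothetical names, and treating ENOSYS (syscall missing from the kernel) the same way as EPERM is an assumption made here.

```python
import errno
import os

# Errors meaning "getrandom() is unusable here": EPERM when a security policy
# blocks the syscall (the case in this issue), ENOSYS when the kernel lacks it
# (assumption of this example: both are handled the same way).
FALLBACK_ERRNOS = {errno.EPERM, errno.ENOSYS}


def read_urandom_device(n, path="/dev/urandom"):
    """Read exactly n bytes from the device, looping over short reads."""
    chunks = []
    remaining = n
    with open(path, "rb", buffering=0) as dev:
        while remaining > 0:
            chunk = dev.read(remaining)
            if not chunk:
                raise OSError(errno.EIO, "unexpected EOF on " + path)
            chunks.append(chunk)
            remaining -= len(chunk)
    return b"".join(chunks)


def random_bytes(n, getrandom=None):
    """Return (data, source). `getrandom` is injectable for testing."""
    if getrandom is None:
        getrandom = getattr(os, "getrandom", None)  # Linux, Python 3.6+
    if getrandom is not None:
        try:
            data = b""
            while len(data) < n:  # getrandom() may return fewer bytes than asked
                data += getrandom(n - len(data))
            return data, "getrandom"
        except OSError as exc:
            if exc.errno not in FALLBACK_ERRNOS:
                raise  # unrelated failure: do not hide it behind the fallback
    return read_urandom_device(n), "/dev/urandom"


def blocked_getrandom(size, flags=0):
    """Constructed stand-in for a kernel policy that denies the syscall."""
    raise OSError(errno.EPERM, os.strerror(errno.EPERM))
```

Returning the source alongside the bytes lets a caller log which path was taken, which makes a host that silently blocks getrandom() visible in monitoring.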