On Sun, Feb 19, 2017 at 06:33:59PM +0100, Ingo Schwarze wrote: > Hi Anton, > > Anton Lindqvist wrote on Sun, Feb 19, 2017 at 08:29:31AM +0100: > > > Usage of rand was replaced with arc4random (var.c, r1.17) and later > > documented (ksh.1, r1.70). The change was later on reverted (var.c, > > r1.39) back to using rand and srand_deterministic. The patch below > > removes the explicit mention of arc4random and documents the current > > behavior. > > I think both the current text and your patch are wrong.
Yes, and the revert was not actually a revert, but rather a simplification. The change of behavior in rand(3) that happened a bit earlier made these changes superfluous: Change rand(), random(), drand48(), lrand48(), mrand48(), and srand48() to returning strong random by default, source from arc4random(3). Parameters to the seeding functions are ignored, and the subsystems remain in strong random mode. If you wish the standardized deterministic mode, call srand_deterministic(), srandom_determistic(), srand48_deterministic(), seed48_deterministic() or lcong48_deterministic() instead. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/rand.c?rev=1.11&content-type=text/x-cvsweb-markup > The current text says that srand(3) is used. > That, indeed, is not true, so thanks for the heads-up. > > Your patch deletes a sentence that is actually true: > "By default, arc4random(3) is used to produce values." > That is true because rand(3) uses arc4random(3) by default. > I think we should keep that information. It tells people that > on OpenBSD, ksh(1) RANDOM is of decent quality by default. > > So, here is my suggestion. I don't think we need to say that ksh(1) > calls arc4random(3) indirectly via rand(3). From the perspective > of ksh(1) users, that's an implementation detail. > > OK? I agree with all of the above. ok
