emacs-bug-tracker
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#13768: closed (--without-posix code uses scm_getpi


From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#13768: closed (--without-posix code uses scm_getpid() in libguile-2.0.2)
Date: Mon, 25 Feb 2013 19:01:01 +0000

Your message dated Mon, 25 Feb 2013 13:58:27 -0500
with message-id <address@hidden>
and subject line Re: bug#13768: --without-posix code uses scm_getpid() in 
libguile-2.0.2
has caused the debbugs.gnu.org bug report #13768,
regarding --without-posix code uses scm_getpid() in libguile-2.0.2
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
13768: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13768
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: --without-posix code uses scm_getpid() in libguile-2.0.2 Date: Wed, 20 Feb 2013 00:38:15 +0100 User-agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130106 Thunderbird/17.0.2 I'm experimenting a little with statically linking a minimal build of libguile. So while no one really would want to build it it with --without-posix (except when you want the same functionality on all platforms including windows in your program), and this is a low priority bug and I can easily fix it myself for my purposes, it is still a bug.

What happens is, in random.c in random_state_of_last_resort on line 668 scm_getpid is used to seed the random generator. So either a preprocessor switch or a hand constructed scm like in scm_getpid (scm_from_ulong(getpid())) should be used there.

Regards



--- End Message ---
--- Begin Message --- Subject: Re: bug#13768: --without-posix code uses scm_getpid() in libguile-2.0.2 Date: Mon, 25 Feb 2013 13:58:27 -0500 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)
Hi Andy,

Andy Wingo <address@hidden> writes:
> Our PRNG is not secure.  We should not be making arguments from the
> perspective of security.  (I think including the PID is a good thing,
> but not because of security.)

Indeed, point well taken.

> Why don't we just add the result of getpid() without relying on the
> scm_getpid() binding.  All platforms have it.

Ah, good!  I didn't know that getpid() was available on MinGW.

> Thanks for following up.  TBH though I would prefer that if you already
> know the solution, to go ahead and fix it instead of writing a mail and
> fixing the docs.

Agreed.  I didn't know the solution until just now.  I have done as you
suggested above, and am now closing this bug.

    Thanks,
      Mark


--- End Message ---

reply via email to

[Prev in Thread] Current Thread [Next in Thread]