Re: [PATCH v43 01/15] Linux Random Number Generator

From: Matthew Garrett
Date: Tue Jan 11 2022 - 12:11:03 EST

Next message: Mike Rapoport: "Re: [PATCH] mm/pgtable: define pte_index so that preprocessor could recognize it"
Previous message: Wei Fu: "Re: [PATCH bpf] tools/bpf: only set obj->skeleton without err"
In reply to: Alexander E. Patrakov: "Re: [PATCH v43 01/15] Linux Random Number Generator"
Next in thread: Jason A. Donenfeld: "Re: [PATCH v43 01/15] Linux Random Number Generator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jan 11, 2022 at 02:57:54PM +0500, Alexander E. Patrakov wrote:

> LD_PRELOAD is not a solution because of containers and statically-linked
> binaries.

No, it doesn't solve all problems, but the question is whether it needs
to. We're talking about the scenario where:

a) a customer requires FIPS compliance, and
b) the customer has an app that calls getrandom() and doesn't fallback,
and
c) they're doing so with statically linked binaries or container
infrastructure that doesn't allow injection of other libraries

How common is this? Does the kernel need to solve this scenario?

Next message: Mike Rapoport: "Re: [PATCH] mm/pgtable: define pte_index so that preprocessor could recognize it"
Previous message: Wei Fu: "Re: [PATCH bpf] tools/bpf: only set obj->skeleton without err"
In reply to: Alexander E. Patrakov: "Re: [PATCH v43 01/15] Linux Random Number Generator"
Next in thread: Jason A. Donenfeld: "Re: [PATCH v43 01/15] Linux Random Number Generator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]