From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Andy Wingo <wingo@pobox.com>
Newsgroups: gmane.lisp.guile.bugs
Subject: bug#13768: --without-posix code uses scm_getpid() in libguile-2.0.2
Date: Mon, 25 Feb 2013 10:06:38 +0100
Message-ID: <87621g92zl.fsf@pobox.com>
References: <51240CE7.8030802@email.de> <87ip5hcyb1.fsf@pobox.com>
	<87sj4l5gzo.fsf@tines.lan>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain
X-Trace: ger.gmane.org 1361783261 11255 80.91.229.3 (25 Feb 2013 09:07:41 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 25 Feb 2013 09:07:41 +0000 (UTC)
Cc: 13768@debbugs.gnu.org, shookie@email.de
To: Mark H Weaver <mhw@netris.org>
Original-X-From: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org Mon Feb 25 10:08:02 2013
Return-path: <bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org>
Envelope-to: guile-bugs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org>)
	id 1U9u2S-0001pK-Fs
	for guile-bugs@m.gmane.org; Mon, 25 Feb 2013 10:08:00 +0100
Original-Received: from localhost ([::1]:37328 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org>)
	id 1U9u27-0007cs-Jg
	for guile-bugs@m.gmane.org; Mon, 25 Feb 2013 04:07:39 -0500
Original-Received: from eggs.gnu.org ([208.118.235.92]:50346)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1U9u23-0007cM-RY
	for bug-guile@gnu.org; Mon, 25 Feb 2013 04:07:38 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1U9u20-0007TA-5R
	for bug-guile@gnu.org; Mon, 25 Feb 2013 04:07:35 -0500
Original-Received: from [140.186.70.43] (port=43440 helo=debbugs.gnu.org)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1U9u1z-0007RU-VL
	for bug-guile@gnu.org; Mon, 25 Feb 2013 04:07:32 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1U9u3R-0001Ts-SN
	for bug-guile@gnu.org; Mon, 25 Feb 2013 04:09:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Andy Wingo <wingo@pobox.com>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-CC: bug-guile@gnu.org
Resent-Date: Mon, 25 Feb 2013 09:09:01 +0000
Resent-Message-ID: <handler.13768.B13768.13617833035646@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 13768
X-GNU-PR-Package: guile
X-GNU-PR-Keywords: 
Original-Received: via spool by 13768-submit@debbugs.gnu.org id=B13768.13617833035646
	(code B ref 13768); Mon, 25 Feb 2013 09:09:01 +0000
Original-Received: (at 13768) by debbugs.gnu.org; 25 Feb 2013 09:08:23 +0000
Original-Received: from localhost ([127.0.0.1]:48904 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1U9u2o-0001Sz-Dv
	for submit@debbugs.gnu.org; Mon, 25 Feb 2013 04:08:23 -0500
Original-Received: from a-pb-sasl-quonix.pobox.com ([208.72.237.25]:39269
	helo=sasl.smtp.pobox.com) by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <wingo@pobox.com>) id 1U9u2m-0001St-BC
	for 13768@debbugs.gnu.org; Mon, 25 Feb 2013 04:08:21 -0500
Original-Received: from sasl.smtp.pobox.com (unknown [127.0.0.1])
	by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id E86CFA5D6;
	Mon, 25 Feb 2013 04:06:41 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to:cc
	:subject:references:date:in-reply-to:message-id:mime-version
	:content-type; s=sasl; bh=xtwygTJenEEpSIpQt02yiHEIG+k=; b=QmMfkT
	ryN5Y5xpvy5t+gfTkBNLOrw7BD+pbJlErJqvLJNJRx9qXcVXCbVTtV5APrI3CPmD
	zAj64pu7aETFb9fecD3Qo+6O6mN3E0uXUporDuWdH6UqAV1YhhKsoqtwYMMqt5q2
	XLGDiD3nyZYzJUa4xvamNOZvURGY/FqIdgcAc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:cc
	:subject:references:date:in-reply-to:message-id:mime-version
	:content-type; q=dns; s=sasl; b=SbixgGAAoWaYSKulEj2Ll0T+wEIssqM5
	MGhuYz3vskihy0Wl1LlAt2kPtNwUtY+FZSAQD1gn1ZouM+xoyE/zrDPRlQsGMMSq
	fXS3BDBpeXwrB5c15jPr7ttfUXqa9lhsjj/GKZoKaOpln44lkNarCtxcOX20jT0q
	iFdly4y+jP8=
Original-Received: from a-pb-sasl-quonix.pobox.com (unknown [127.0.0.1])
	by a-pb-sasl-quonix.pobox.com (Postfix) with ESMTP id D3690A5D5;
	Mon, 25 Feb 2013 04:06:41 -0500 (EST)
Original-Received: from badger (unknown [88.160.190.192]) (using TLSv1 with cipher
	DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by
	a-pb-sasl-quonix.pobox.com (Postfix) with ESMTPSA id 2BC97A5D4;
	Mon, 25 Feb 2013 04:06:41 -0500 (EST)
In-Reply-To: <87sj4l5gzo.fsf@tines.lan> (Mark H. Weaver's message of "Sun, 24
	Feb 2013 20:17:47 -0500")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)
X-Pobox-Relay-ID: AB4161B0-7F2A-11E2-9B00-1C2F0E5B5709-02397024!a-pb-sasl-quonix.pobox.com
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 140.186.70.43
X-BeenThere: bug-guile@gnu.org
List-Id: "Bug reports for GUILE,
	GNU's Ubiquitous Extension Language" <bug-guile.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guile>,
	<mailto:bug-guile-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guile>
List-Post: <mailto:bug-guile@gnu.org>
List-Help: <mailto:bug-guile-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guile>,
	<mailto:bug-guile-request@gnu.org?subject=subscribe>
Errors-To: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org
Original-Sender: bug-guile-bounces+guile-bugs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.lisp.guile.bugs:6790
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.bugs/6790>

On Mon 25 Feb 2013 02:17, Mark H Weaver <mhw@netris.org> writes:

> Andy Wingo <wingo@pobox.com> writes:
>
>> On Wed 20 Feb 2013 00:38, Jan Schukat <shookie@email.de> writes:
>>
>>> What happens is, in random.c in random_state_of_last_resort on line 668
>>> scm_getpid is used to seed the random generator. So either a
>>> preprocessor switch or a hand constructed scm like in scm_getpid
>>> (scm_from_ulong(getpid())) should be used there.
>>
>> Fixed, thanks for the report.
>
> This has potential security implications.  If the same program is run
> multiple times in the same second, then without something like a PID,
> there's a significant danger that two runs of the program will use the
> same random seed.

Our PRNG is not secure.  We should not be making arguments from the
perspective of security.  (I think including the PID is a good thing,
but not because of security.)

> Therefore, I think we ought to try hard to ensure that something like a
> PID will always be included in this seed.  Perhaps 'scm_getpid' should
> be included even when building --without-posix.

Why don't we just add the result of getpid() without relying on the
scm_getpid() binding.  All platforms have it.

> At the very least, the documentation (which currently claims that the
> PID is included in the random-state-of-last-resort) should be adjusted
> to reflect the new reality.  I just took care of that.

Thanks for following up.  TBH though I would prefer that if you already
know the solution, to go ahead and fix it instead of writing a mail and
fixing the docs.  Much easier on users (and developers :) if Guile just
does the right thing.

Andy
-- 
http://wingolog.org/