cvs commit: src/games/fortune/fortune fortune.c
Greg 'groggy' Lehey
grog at lemis.com
Sat Jul 23 23:07:13 GMT 2005
On Saturday, 23 July 2005 at 13:09:41 -0600, M. Warner Losh wrote:
> In message: <20050723064449.GZ842 at wantadilla.lemis.com>
> "Greg 'groggy' Lehey" <grog at freebsd.org> writes:
>> You should take a look at what I committed. It simply uses the
>> microsecond value returned by getlocaltime() for the automatic seeding
>> by srandomdev(). It fixes the problem. I can see only two
>> explanations:
>>
>> 1. srandomdev(), random(4) or friends are broken.
>> 2. random(4) has been initialized incorrectly.
>>
>> Currently I'm guessing (2), but I don't care much either way.
>
> When sradnomdev() is broken, *DO*NOT* kludge around them by
> committing half-baked "fixes" like you did.
This code is good enough for fortune. Nobody's claiming that it's a
solution to random number generation. Others should look at that
aspect, not get involved in a commit war.
> It is broken. We need to find out the *REAL* cause of the problem.
Agreed. Is anybody doing that? It's not my area.
> If Rush gets more quotes than normal, and that annoys people to find
> the real problem, we shouldn't mask it. It is a really bad choice
> from a security point of view.
So it's better to back perfectly valid code rather than to look for
the real culprit? What kind of security is that?
Greg
--
The virus once contained in this message has lost interest in life,
shrivelled up and died. LEMIS anti-virus has given it an appropriate
burial.
For further details see http://www.lemis.com/grog/lemis-virus.html
Finger grog at lemis.com for PGP public key.
See complete headers for address and phone numbers.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-current/attachments/20050724/8138f92f/attachment.bin
More information about the freebsd-current
mailing list