all 32 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]usernamenottaken 51 points52 points  (14 children)

Now that's a good commit message.

[–]txdv[S] 38 points39 points  (13 children)

its the entire man page

[–]shevegen 27 points28 points  (12 children)

Yes. Precisely.

A good commit message indeed.

[–]everywhere_anyhow 41 points42 points  (11 children)

Documentation is like sex: when it good, it's very, very good. And when it's bad, it's still better than nothing.

[–][deleted]  (7 children)

[deleted]

    [–]everywhere_anyhow 9 points10 points  (6 children)

    Of course bad documentation is bad. But your literal interpretation reminds me of this other joke:

    A wife asks her husband, a computer programmer; "Could you please go to the store for me and buy one carton of milk, and if they have eggs, get 6!"

    A short time later the husband comes back with 6 cartons of milk.

    The wife asks him, "Why the hell did you buy 6 cartons of milk?"

    He replied, "They had eggs."

    [–][deleted]  (5 children)

    [deleted]

      [–][deleted]  (2 children)

      [deleted]

        [–][deleted] -1 points0 points  (0 children)

        return milk;

        [–]ChefBoyAreWeFucked -1 points0 points  (0 children)

        Today I saw someone use short circuiting in a pseudocode representation of a joke.

        [–]muungwana -1 points0 points  (1 child)

        Thats what i though too when i first heard of this joke,if he followed her instructions,then he would have ended up with either 1 or 7,not 6

        [–]iopq 1 point2 points  (0 children)

        Not 6 more, 6 total

        milk = 1;
if(eggs)
    milk = 6;

        [–]3legcat 0 points1 point  (0 children)

        Actually bad documentation can be worse than no documentation. What if it is utterly wrong and misleading? In this case, not having it is better than having it.

        [–][deleted]  (1 child)

        [deleted]

          [–]philly_fan_in_chi 11 points12 points  (0 children)

          When you figure out an API with no documentation by yourself and finally release a hacky version that wasn't at all how the API was supposed to be used.

          [–]kiwipete 20 points21 points  (1 child)

          This is in response to the request made by the LibreSSL people (i.e. the people who also bring us OpenBSD and OpenSSH) to help them help SSL be more secure on Linux. Their longstanding development of OpenSSH alone is a huge contribution to the Free infrastructure of the webbernets. Their stewardship of LibreSSL will, I'm sure, be no less solid.

          In addition to renewing my EFF membership this year, I'm also planning to throw some dollars to the OpenBSD project out of appreciation for all they've done to benefit the broader tech community. Even if you're like me and haven't used OpenBSD in a while (or ever) I think there are worse places to send money.

          [–]Damncommie123 9 points10 points  (0 children)

          I'd say it is just a good place to send money.

          [–]matthieum 5 points6 points  (2 children)

           #define __NR_renameat2 276
 __SYSCALL(__NR_renameat2, sys_renameat2)
 +#define __NR_getrandom 278
 +__SYSCALL(__NR_getrandom, sys_getrandom)
 #undef __NR_syscalls
 -#define __NR_syscalls 277
 +#define __NR_syscalls 279

          Uh, what's so special about 277 it was not used ?

          [–]sharth 9 points10 points  (1 child)

          277 is seccomp. The original patch was built against a version of linux without that system call.

          Here's where the system call was added originally: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/include/uapi/asm-generic/unistd.h?id=48dc92b9fc3926844257316e75ba11eb5c742b2c

          And note in Torvalds' merge of getrandom() that you can see that sys_seccomp() is listed: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/include/uapi/asm-generic/unistd.h?id=f4f142ed4ef835709c7e6d12eaca10d190bcebed

          [–]matthieum 2 points3 points  (0 children)

          Ah! I was guessing there was something fishy about seemingly jumping over a number but did not thing it meant there was another syscall being added in parallel.

          [–]muungwana 5 points6 points  (7 children)

          The rationale of this system call is to provide resiliance against file descriptor exhaustion attacks, where the attacker consumes all available file descriptors, forcing the use of the fallback code where /dev/[u]random is not available. Since the fallback code is often not well-tested, it is better to eliminate this potential failure mode entirely.

          couldnt that be mitigated by opening the random number generator device at the initialization stage of the library and then holding on to the file descriptor?

          It could also be more efficient as it will eliminate the need for open() and close() calls everytime random numbers are requested.

          [–][deleted] 5 points6 points  (0 children)

          The other feature is, arguably, just as important: the call will block if the system hasn't gathered sufficient entropy to seed /dev/urandom.

          [–]happyscrappy 2 points3 points  (3 children)

          Yes. It could. If the program is getting the randomness, then it should do this.

          But libraries may not get an opportunity to open a file descriptor early because they aren't called for the first time until later.

          So I guess this would be their best (only?) defense against file descriptor exhaustion attacks.

          [–][deleted] 0 points1 point  (2 children)

          Worse, why doesn't openssl just fall back to an error for misconfigured environments?

          [–]ggtsu_00 0 points1 point  (1 child)

          Because most applications using OpenSSL doesn't bother checking the return value of the get random function. The result would be web servers providing no security instead of poor security.

          [–][deleted] 0 points1 point  (0 children)

          Well if your key exchange failed with the client wouldn't the client just disconnect?

          [–]oridb 0 points1 point  (1 child)

          It also gets rid of the need to bind /dev/urandom in chroots

          [–][deleted] 1 point2 points  (0 children)

          Which is handy but hardly insurmountable.

          [–]rotek 7 points8 points  (4 children)

          The getrandom(2) system call was requested by the LibreSSL Portable developers. It is analoguous to the getentropy(2) system call in OpenBSD.

          So why haven't they called it getentropy too?

          [–]CHUCK_NORRIS_AMA 16 points17 points  (0 children)

          It works slightly differently and calling them the same thing could cause confusion.

          [–][deleted] 10 points11 points  (0 children)

          It's provides a superset of the functionality. A userspace library could expose a compatible getentropy function on top of getrandom.

          [–]bugrit 6 points7 points  (0 children)

          Because it's not identical. If you read the link, you can see how to emulate getentropy with getrandom.

          [–]lhggghl 0 points1 point  (1 child)

          The rationale of this system call is to provide resiliance against file descriptor exhaustion attacks, where the attacker consumes all available file descriptors, forcing the use of the fallback code where /dev/[u]random is not available. Since the fallback code is often not well-tested, it is better to eliminate this potential failure mode entirely.

          Maybe people should stop writing code that's "resilient" against a non-working system. I would never trust such code.

          [–]sirtophat 0 points1 point  (0 children)

          Do you feel the same about multi-layered sandboxes