guix-devel

Re: maradns reproducibility fixes and the merits of picking a random num


From: Efraim Flashner
Subject: Re: maradns reproducibility fixes and the merits of picking a random number
Date: Wed, 8 Jun 2022 14:48:19 +0300

On Tue, Jun 07, 2022 at 08:11:54AM -0400, Brian Cully via Development of GNU 
Guix and the GNU System distribution. wrote:
> 
> > > The upstream website says: "People like MaraDNS because it’s ...
> > > remarkably secure." [1] Since many distributions have the same
> > > issue,
> > > upstream could perhaps offer the patch as a build switch to enable a
> > > build-time seed only when needed.
> > 
> > Sounds like the safest option. Maybe we could change the code that uses
> > that number to raise an exception or abort?
> 
> This seems like the best option to me, as well: either add a flag to
> explicitly enable embedding a constant, or remove the code entirely and
> replace it with a build failure (or runtime failure, if a build failure is
> not possible). It seems like a mis-feature to me to embed a constant seed,
> and invites silent misconfiguration which will lead to security breaches.
> 
> -bjc

I like the idea of forcing the program to segfault if it looks for
/dev/urandom and it isn't there more than distributing a randomized
prime number.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
