GNU bug report logs - #13768
--without-posix code uses scm_getpid() in libguile-2.0.2

Previous Next

Package: guile;

Reported by: Jan Schukat <shookie <at> email.de>

Date: Tue, 19 Feb 2013 23:42:01 UTC

Severity: normal

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Mark H Weaver <mhw <at> netris.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#13768: closed (--without-posix code uses scm_getpid() in
 libguile-2.0.2)
Date: Mon, 25 Feb 2013 19:01:01 +0000

[Message part 1 (text/plain, inline)]
Your message dated Mon, 25 Feb 2013 13:58:27 -0500
with message-id <87bob85igc.fsf <at> tines.lan>
and subject line Re: bug#13768: --without-posix code uses scm_getpid() in libguile-2.0.2
has caused the debbugs.gnu.org bug report #13768,
regarding --without-posix code uses scm_getpid() in libguile-2.0.2
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
13768: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=13768
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Jan Schukat <shookie <at> email.de>
To: bug-guile <at> gnu.org
Subject: --without-posix code uses scm_getpid() in libguile-2.0.2
Date: Wed, 20 Feb 2013 00:38:15 +0100

I'm experimenting a little with statically linking a minimal build of 
libguile. So while no one really would want to build it it with 
--without-posix (except when you want the same functionality on all 
platforms including windows in your program), and this is a low priority 
bug and I can easily fix it myself for my purposes, it is still a bug.

What happens is, in random.c in random_state_of_last_resort on line 668 
scm_getpid is used to seed the random generator. So either a 
preprocessor switch or a hand constructed scm like in scm_getpid 
(scm_from_ulong(getpid())) should be used there.

Regards



[Message part 3 (message/rfc822, inline)]
From: Mark H Weaver <mhw <at> netris.org>
To: Andy Wingo <wingo <at> pobox.com>
Cc: 13768-done <at> debbugs.gnu.org, shookie <at> email.de
Subject: Re: bug#13768: --without-posix code uses scm_getpid() in
	libguile-2.0.2
Date: Mon, 25 Feb 2013 13:58:27 -0500

Hi Andy,

Andy Wingo <wingo <at> pobox.com> writes:
> Our PRNG is not secure.  We should not be making arguments from the
> perspective of security.  (I think including the PID is a good thing,
> but not because of security.)

Indeed, point well taken.

> Why don't we just add the result of getpid() without relying on the
> scm_getpid() binding.  All platforms have it.

Ah, good!  I didn't know that getpid() was available on MinGW.

> Thanks for following up.  TBH though I would prefer that if you already
> know the solution, to go ahead and fix it instead of writing a mail and
> fixing the docs.

Agreed.  I didn't know the solution until just now.  I have done as you
suggested above, and am now closing this bug.

    Thanks,
      Mark
This bug report was last modified 12 years and 91 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.