Make named and the rest of BIND seed their RNG from /dev/urandom, not /dev/random. Better would be to rip the enormous gonkulating RNG machinery out of libisc entirely. Later.

2014-07-13 22:06:56 +00:00 · 2014-07-13 22:06:56 +00:00 · 916085404d
parent 7d10db2303
commit 916085404d
4 changed files with 5 additions and 5 deletions
--- a/etc/rc.d/named
+++ b/etc/rc.d/named
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# $NetBSD: named,v 1.24 2014/07/08 07:04:07 spz Exp $
+# $NetBSD: named,v 1.25 2014/07/13 22:06:56 tls Exp $
 #

 # PROVIDE: named
@ -101,7 +101,7 @@ named_precmd()
 		;;
 	esac

-	for i in null random; do
+	for i in null random urandom; do
 		if [ ! -c "${named_chrootdir}/dev/$i" ]; then
 			rm -f "${named_chrootdir}/dev/$i"
 			(cd /dev && 
--- a/external/bsd/bind/dist/configure
+++ b/external/bsd/bind/dist/configure
@ -14049,7 +14049,7 @@ $as_echo "unspecified" >&6; }
 				devrandom=/dev/arandom
 				;;
 			*)
-				devrandom=/dev/random
+				devrandom=/dev/urandom
 				;;
 		esac
 		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $devrandom" >&5
--- a/external/bsd/bind/dist/configure.in
+++ b/external/bsd/bind/dist/configure.in
@ -930,7 +930,7 @@ case "$use_randomdev" in
 				devrandom=/dev/arandom
 				;;
 			*)
-				devrandom=/dev/random
+				devrandom=/dev/urandom
 				;;
 		esac
 		AC_MSG_RESULT($devrandom)
--- a/external/bsd/bind/include/config.h
+++ b/external/bsd/bind/include/config.h
@ -132,7 +132,7 @@ int sigwait(const unsigned int *set, int *sig);
 #endif /** SHUTUP_STDARG_CAST && __GNUC__ */

 /** define if the system has a random number generating device */
-#define PATH_RANDOMDEV "/dev/random"
+#define PATH_RANDOMDEV "/dev/urandom"

 /** define if pthread_attr_getstacksize() is available */
 #define HAVE_PTHREAD_ATTR_GETSTACKSIZE 1