RFR 8156709: Cannot call setSeed on NativePRNG on Mac if EGD is /dev/urandom
Wang Weijun
weijun.wang at oracle.com
Wed May 11 00:35:19 UTC 2016
> On May 11, 2016, at 7:55 AM, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
>
> What a stupid bug in MacOS. You can write to /dev/random, but not /dev/urandom.
My understanding is that the entropy pool is on the /dev/random side, so you can write into it. On the /dev/urandom side, it seed from /dev/random and there is no meaning write into it, hence forbidden.
--Max
>
> Yosemite:
> $ uname -a
> Darwin smarks 14.5.0 Darwin Kernel Version 14.5.0: Tue Sep 1 21:23:09 PDT 2015; root:xnu-2782.50.1~1/RELEASE_X86_64 x86_64
> (4:51:18 PM) $ ls -al /dev/*random
> crw-rw-rw- 1 root wheel 11, 0 May 10 16:50 /dev/random
> crw-rw-rw- 1 root wheel 11, 1 May 10 16:39 /dev/urandom
>
> Change looks good.
>
> Brad
>
>
>
> On 5/10/2016 4:23 PM, Wang Weijun wrote:
>> Hi All
>>
>> Please review the fix at
>>
>> http://cr.openjdk.java.net/~weijun/8156709/webrev.00/
>>
>> On *nix, we open EGD and write into it when setSeed() is called. We were aware of the device not openable and have been ignoring it (Note we still write to a mix random). Now it seems on a Mac is can be opened for write but not writable.
>>
>> See this jshell output, the exception is thrown on write().
>>
>> -> new FileOutputStream("/dev/urandom").write(12)
>> | java.io.IOException thrown: Operation not permitted
>> | at FileOutputStream.write (Native Method)
>> | at FileOutputStream.write (FileOutputStream.java:291)
>> | at (#17:1)
>>
>> Thanks
>> Max
>>
More information about the security-dev
mailing list