RFR 8156709: Cannot call setSeed on NativePRNG on Mac if EGD is /dev/urandom

Wang Weijun weijun.wang at oracle.com
Wed May 11 00:35:19 UTC 2016


> On May 11, 2016, at 7:55 AM, Bradford Wetmore <bradford.wetmore at oracle.com> wrote:
> 
> What a stupid bug in MacOS.  You can write to /dev/random, but not /dev/urandom.

My understanding is that the entropy pool is on the /dev/random side, so you can write into it. On the /dev/urandom side, it seeds from /dev/random and there is no meaning in writing into it, hence it is forbidden.

--Max

> 
> Yosemite:
> $ uname -a
> Darwin smarks 14.5.0 Darwin Kernel Version 14.5.0: Tue Sep  1 21:23:09 PDT 2015; root:xnu-2782.50.1~1/RELEASE_X86_64 x86_64
> (4:51:18 PM) $ ls -al /dev/*random
> crw-rw-rw-  1 root  wheel   11,   0 May 10 16:50 /dev/random
> crw-rw-rw-  1 root  wheel   11,   1 May 10 16:39 /dev/urandom
> 
> Change looks good.
> 
> Brad
> 
> 
> 
> On 5/10/2016 4:23 PM, Wang Weijun wrote:
>> Hi All
>> 
>> Please review the fix at
>> 
>>  http://cr.openjdk.java.net/~weijun/8156709/webrev.00/
>> 
>> On *nix, we open EGD and write into it when setSeed() is called. We were aware of the device not being openable and have been ignoring it (note we still write to a mix random). Now it seems on a Mac it can be opened for write but is not writable.
>> 
>> See this jshell output, the exception is thrown on write().
>> 
>> -> new FileOutputStream("/dev/urandom").write(12)
>> |  java.io.IOException thrown: Operation not permitted
>> |        at FileOutputStream.write (Native Method)
>> |        at FileOutputStream.write (FileOutputStream.java:291)
>> |        at (#17:1)
>> 
>> Thanks
>> Max
>> 
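
The failure mode discussed in this thread, as an added Java example (not the NativePRNG source and not the webrev patch): the seed device can fail at open or, as on the Mac, only at write(), and in both cases the seed should still reach the in-process mixer. The class name, the `Result` enum and the use of SHA1PRNG as the mixer are assumptions made for illustration.

```java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;

// Added illustration only; not the NativePRNG source and not the webrev patch.
public class BestEffortSeed {
    enum Result { WRITTEN, OPEN_FAILED, WRITE_FAILED }

    // Try to push seed bytes into the device; report where it failed, never throw.
    static Result feedDevice(File dev, byte[] seed) {
        OutputStream out;
        try {
            out = new FileOutputStream(dev);      // may fail: missing or not openable
        } catch (IOException | SecurityException e) {
            return Result.OPEN_FAILED;
        }
        try (OutputStream o = out) {
            o.write(seed);                        // may fail even though open succeeded
            return Result.WRITTEN;
        } catch (IOException e) {
            return Result.WRITE_FAILED;
        }
    }

    // The caller's seed always reaches the in-process mixer, whatever the device did.
    static Result setSeed(SecureRandom mixer, File dev, byte[] seed) {
        Result r = feedDevice(dev, seed);
        mixer.setSeed(seed);
        return r;
    }

    public static void main(String[] args) throws Exception {
        File dev = new File(args.length > 0 ? args[0] : "/dev/urandom");
        // Assumption: SHA1PRNG stands in for the "mix random" mentioned in the thread.
        SecureRandom mixer = SecureRandom.getInstance("SHA1PRNG");
        mixer.nextBytes(new byte[1]);             // force self-seeding before adding ours
        byte[] seed = {12};                       // constructed sample, as in the jshell line
        System.out.println(dev + " -> " + setSeed(mixer, dev, seed));
    }
}
```

Passing a different path as the first argument (a nonexistent file in a missing directory, a read-only file) shows the `OPEN_FAILED` branch without needing a Mac.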



