author: Nick Mathewson <nickm@torproject.org> 2014-04-16 14:54:39 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-04-16 22:03:09 -0400
commit: e6785ee16dce675aa770616bcdbd128d5dfb1132
tree: 3f5c1b6d827946b36c1aaff010265e9dec432d4f /configure.ac
parent: 156eefca454e10440d1070f7500e1708589fc64b
Get Libevent's PRNG functioning under the linux sandbox
Libevent uses an arc4random implementation (I know, I know) to generate DNS transaction IDs and capitalization. But it liked to initialize it either with opening /dev/urandom (which won't work under the sandbox if it doesn't use the right pointer), or with sysctl({CTL_KERN,KERN_RANDOM,RANDOM_UUIC}). To make _that_ work, we were permitting sysctl unconditionally. That's not such a great idea. Instead, we try to initialize the libevent PRNG _before_ installing the sandbox, and make sysctl always fail with EPERM under the sandbox.
Diffstat (limited to 'configure.ac')
-rw-r--r-- configure.ac 1
1 files changed, 1 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac
index 6e41041961..6e5331b4c6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -435,6 +435,7 @@ AC_CHECK_FUNCS([event_get_version \
event_set_log_callback \
evdns_set_outgoing_bind_address \
evutil_secure_rng_set_urandom_device_file \
+ evutil_secure_rng_init \
event_base_loopexit])
AC_CHECK_MEMBERS([struct event.min_heap_idx], , ,
[#include <event.h>
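Review bot: the new `evutil_secure_rng_init` entry in AC_CHECK_FUNCS only produces a HAVE_EVUTIL_SECURE_RNG_INIT define, and nothing in this configure.ac hunk says what happens when the check fails. The commit message states that sysctl will now always fail with EPERM under the sandbox, so a build against a Libevent that lacks this function would leave the PRNG to seed itself lazily after the sandbox is installed, which is the case this change is meant to avoid. Suggest either documenting the fallback next to the check or emitting a configure-time warning when the function is missing, and confirming that the calling code is guarded by the HAVE_ macro and checks the return value of evutil_secure_rng_init before the sandbox goes in.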