hplip needs /dev/random.... ?
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Mon Jun 19 15:15:39 UTC 2006
On Mon, 19 Jun 2006 10:30:02 BST, Tim Waugh said:
> Doesn't seem to require a cryptographically random number here. In
> fact, I'm not even sure it needs to be a freshly-random number each
> time; perhaps '1' is sufficient. It's just for a transaction ID which
> is never checked as far as I can tell.
>
> Should I patch hplip to use '1' here instead of random.randint() do you
> think?
If it's used, you should use at least a semi-random number to prevent
replay attacks. If it's not used, it should be gutted entirely. Just setting
it to 1 and praying is the wrong way to approach it in either case....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060619/3ce60717/attachment.sig>
More information about the fedora-selinux-list
mailing list