[PATCH] D20084: [sanitizer] Initial implementation of a Hardened Allocator

Dmitry Vyukov via llvm-commits llvm-commits at lists.llvm.org
Sat May 28 23:46:21 PDT 2016


dvyukov added inline comments.

================
Comment at: projects/compiler-rt/lib/hardened_allocator/scudo_utils.cc:99
@@ +98,3 @@
+Xorshift128Plus::Xorshift128Plus() {
+  int Fd = open("/dev/urandom", O_RDONLY);
+  bool Success = readRetry(Fd, reinterpret_cast<u8 *>(&State_0_),
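Review bot: In the Xorshift128Plus constructor, the descriptor returned by open("/dev/urandom", O_RDONLY) is passed straight to readRetry on the next line with no check that the open succeeded. If the open fails (for example in a chroot without /dev, or when the process is out of descriptors), Fd is -1 and the seeding of State_0_ depends entirely on how readRetry reacts to a bad descriptor. Suggest testing Fd < 0 immediately after the open and aborting there, so the generator cannot be used with an unseeded state.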
----------------
urandom is not secure and can allow the cookie to be guessed in a local setuid binary.


http://reviews.llvm.org/D20084