Florian Weimer, le sam. 01 janv. 2022 18:27:49 +0100, a ecrit: > > @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int > > flags) > > size_t amount_read; > > int fd; > > > > - if (&trivfs_server_name && trivfs_server_name > > - && trivfs_server_name[0] == 'r' > > - && trivfs_server_name[1] == 'a' > > - && trivfs_server_name[2] == 'n' > > - && trivfs_server_name[3] == 'd' > > - && trivfs_server_name[4] == 'o' > > - && trivfs_server_name[5] == 'm' > > - && trivfs_server_name[6] == '\0') > > + if (&__trivfs_server_name && __trivfs_server_name > > + && __trivfs_server_name[0] == 'r' > > + && __trivfs_server_name[1] == 'a' > > + && __trivfs_server_name[2] == 'n' > > + && __trivfs_server_name[3] == 'd' > > + && __trivfs_server_name[4] == 'o' > > + && __trivfs_server_name[5] == 'm' > > + && __trivfs_server_name[6] == '\0') > > /* We are random, don't try to read ourselves! */ > > return length; > > How does this work? It's a new synbol name, so there's no definition, > so the weak reference is always null.
It is peeking it from the program. Basically the problem is that the random translator uses glibc, whose malloc implementation started using /dev/random in glibc 2.34, thus reading itself. Samuel
