Bug#685575: opentracker debian folder passes lintian

Wed, 10 Sep 2014 07:49:01 -0700 

On 2014-09-10 10:28:46, Roman Valls Guimera wrote:
> 31 aug 2014 kl. 22:25 skrev Antoine Beaupré <anar...@anarcat.ath.cx>:
>
>> On 2014-08-30 17:01:29, Antoine Beaupré wrote:
>>> Looking at this, I wonder if some features should be enabled in the
>>> build. I am thinking of:
>>> 
>>> WANT_SYSLOGS
>>> WANT_V6
>>> WANT_COMPRESSION_GZIP
>> 
>> 
>> Reading the code quickly, it seems that WANT_DEV_RANDOM should probably
>> be used as well, otherwise the RNG is seeded on time(NULL), which is
>> bad.
>
> Humm, I agree that this might seem confusing and I’m not a crypto expert, but 
> the seed is still relative to the timestamp, not NULL… it’s not random(null), 
> but random(time(null)). Time(NULL) returns current time:
>
> http://stackoverflow.com/questions/7550269/what-is-timenull-in-c

Right, that is what i meant - seeding on the timestamp is bad.

> Also, as I mentioned before, srandomdev() does not exist in modern linux 
> distributions, only srandom(). It does exist though in FreeBSD, but we are 
> not concerned about it here…

True, srandomdev() is only on FreeBSD, i am not sure anymore how to seed
the RNG with /dev/random here...

Let's say it's not a blocker for now.

>> I also looked at WANT_V6 and it seems mostly concerned about storage,
>> display and data structures, but network routines seem to do the right
>> thing, so i wonder why this is necessarily exclusive…
>
> What makes you think so? Again, I am not an expert, but it does seem like 
> networking code:
>
> static int64_t ot_try_bind( ot_ip6 ip, uint16_t port, PROTO_FLAG proto ) {
>   int64 sock = proto == FLAG_TCP ? socket_tcp6( ) : socket_udp6( );

This seems to decide between TCP and UDP, but both are in IPv6.

> #ifndef WANT_V6
>   if( !ip6_isv4mapped(ip) ) {
>     exerr( "V4 Tracker is V4 only!" );
>   }
> #else
>   if( ip6_isv4mapped(ip) ) {
>     exerr( "V6 Tracker is V6 only!" );
>   }
> #endif

This seems to be just a check that could easily be removed.

> Since IPV4 is still the most popular stack today, should we package it with 
> it enabled and look for an improvement (transparent ipv4/ipv6 support) later 
> on?

Sure, let's start with that - can we file a bug upstream or something?

A.

-- 
Au nom de l'état, la force s'appelle droit.
Au main de l'individu, elle s'appelle crime.
                        - Max Stirner

Attachment: pgpL9ESKBMUNc.pgp
Description: PGP signature

Reply via email to