Fix: check /dev/urandom is a character device

Sanity checks /dev/urandom to be character device, not a tempered file, a socket or whatever. Also makes sure that FD_CLOEXEC is set. closes #4752
crystal-lang · Aug 1, 2017 · a609119 · a609119
1 parent c8cb5cd
commit a609119
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 3 deletions.
diff --git a/src/crystal/system/unix/getrandom.cr b/src/crystal/system/unix/getrandom.cr
@@ -12,8 +12,9 @@ module Crystal::System::Random
 
     if sys_getrandom(Bytes.new(16)) >= 0
       @@getrandom_available = true
-    else
+    elsif File.stat("/dev/urandom").chardev?
       @@urandom = urandom = File.open("/dev/urandom", "r")
+      urandom.close_on_exec = true
       urandom.sync = true # don't buffer bytes
     end
   end

diff --git a/src/crystal/system/unix/urandom.cr b/src/crystal/system/unix/urandom.cr
@@ -6,8 +6,11 @@ module Crystal::System::Random
 
   private def self.init
     @@initialized = true
-    @@urandom = urandom = File.open("/dev/urandom", "r")
-    urandom.sync = true # don't buffer bytes
+    if File.stat("/dev/urandom").chardev?
+      @@urandom = urandom = File.open("/dev/urandom", "r")
+      urandom.close_on_exec = true
+      urandom.sync = true # don't buffer bytes
+    end
   end
 
   def self.random_bytes(buf : Bytes) : Nil