
Set session.entropy_file to /dev/urandom or /dev/arandom by

default if present at compile-time.  Addresses part of bug #51436
1 parent e0f9199 commit 9692a3619c8def5f558fabb7b89284e199616587 @rlerdorf rlerdorf committed Mar 31, 2010
Showing with 42 additions and 11 deletions.
  1. +3 −1 NEWS
  2. +13 −1 UPGRADING
  3. +7 −0 Zend/Zend.m4
  4. +8 −0 ext/session/session.c
  5. +6 −3 php.ini-development
  6. +5 −6 php.ini-production
4 NEWS
@@ -13,7 +13,9 @@ PHP NEWS
- Added command line option --rz to CLI. (Johannes)
- default_charset if not specified is now UTF-8 instead of ISO-8859-1. (Rasmus)
-
+- default session.entropy_file is now /dev/urandom or /dev/arandom if either
+ is present at compile time. (Rasmus)
+
?? ??? 20??, PHP 5.3.3
- Upgraded bundled PCRE to version 8.01. (Ilia)
14 UPGRADING
@@ -40,7 +40,19 @@ UPGRADE NOTES - PHP X.Y
default_charset = iso-8859-1
- to your php.ini to preserve pre-PHPX.Y behavior
+ to your php.ini to preserve pre-PHPX.Y behavior.
+
+- We now check at compile time if /dev/urandom or /dev/arandom
+ are present to provide non-blocking entropy to session id
+ generation. If either is present, session.entropy_file
+ now defaults to that file and session.entropy_length defaults
+ to 32. If you do not want extra entropy for your session ids
+ for some reason, add:
+
+ session.entropy_file=
+ session.entropy_length=0
+
+ to your php.ini to preserve pre-PHPX.Y behavior.
=============================
2. Reserved words and classes
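--- a/Zend/Zend.m4
+++ b/Zend/Zend.m4
@@ -419,4 +419,11 @@ if test -r "/dev/urandom" && test -c "/dev/urandom"; then
 AC_MSG_RESULT(yes)
 else
 AC_MSG_RESULT(no)
+ AC_MSG_CHECKING(whether /dev/arandom exists)
+ if test -r "/dev/arandom" && test -c "/dev/arandom"; then
+ AC_DEFINE([HAVE_DEV_ARANDOM], 1, [Define if the target system has /dev/arandom device])
+ AC_MSG_RESULT(yes)
+ else
+ AC_MSG_RESULT(no)
+ fi
 fi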
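Review bot: The new `/dev/arandom` probe, like the `/dev/urandom` probe it is nested under, runs `test -r` and `test -c` against the build machine's filesystem. A cross-compile, or a build inside a chroot or container without device nodes, therefore picks the session entropy default from the wrong system, even though the `AC_DEFINE` description says "target system". When both probes fail, the build continues with no entropy file and only a `no` in the configure output. Consider making that outcome visible in the inner `else`, for example `AC_MSG_WARN([neither /dev/urandom nor /dev/arandom found; session.entropy_file will default to empty])`. The enclosing `if test -r "/dev/urandom"` block starts above the hunk.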
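--- a/ext/session/session.c
+++ b/ext/session/session.c
@@ -781,8 +781,16 @@ PHP_INI_BEGIN()
 STD_PHP_INI_BOOLEAN("session.use_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_cookies, php_ps_globals, ps_globals)
 STD_PHP_INI_BOOLEAN("session.use_only_cookies", "1", PHP_INI_ALL, OnUpdateBool, use_only_cookies, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.referer_check", "", PHP_INI_ALL, OnUpdateString, extern_referer_chk, php_ps_globals, ps_globals)
+#if HAVE_DEV_URANDOM
+ STD_PHP_INI_ENTRY("session.entropy_file", "/dev/urandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.entropy_length", "32", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
+#elif HAVE_DEV_ARANDOM
+ STD_PHP_INI_ENTRY("session.entropy_file", "/dev/arandom", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
+ STD_PHP_INI_ENTRY("session.entropy_length", "32", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
+#else
 STD_PHP_INI_ENTRY("session.entropy_file", "", PHP_INI_ALL, OnUpdateString, entropy_file, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.entropy_length", "0", PHP_INI_ALL, OnUpdateLong, entropy_length, php_ps_globals, ps_globals)
+#endif
 STD_PHP_INI_ENTRY("session.cache_limiter", "nocache", PHP_INI_ALL, OnUpdateString, cache_limiter, php_ps_globals, ps_globals)
 STD_PHP_INI_ENTRY("session.cache_expire", "180", PHP_INI_ALL, OnUpdateLong, cache_expire, php_ps_globals, ps_globals)
 PHP_INI_ENTRY("session.use_trans_sid", "0", PHP_INI_ALL, OnUpdateTransSid)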
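Review bot: The defaults added under `#if HAVE_DEV_URANDOM` / `#elif HAVE_DEV_ARANDOM` are fixed at configure time, but nothing in this hunk covers a device that is missing or unreadable when the binary actually runs (chroot, container, restrictive filesystem policy). The code that opens `session.entropy_file` is outside the hunk, so it is worth confirming that a failed open is reported rather than silently producing session ids without the extra entropy. The assumption could be recorded above the `#if` with a comment such as `/* default chosen at configure time; the device may be absent at runtime */`. The `session.entropy_length` entry is also repeated verbatim in both device branches, where only the path differs. The `PHP_INI_BEGIN()` table starts and ends outside the hunk.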
9 php.ini-development
@@ -1582,15 +1582,18 @@ session.referer_check =
; How many bytes to read from the file.
; http://php.net/session.entropy-length
-session.entropy_length = 0
+;session.entropy_length = 32
; Specified here to create the session id.
; http://php.net/session.entropy-file
+; Defaults to /dev/urandom
+; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
+; If neither are found at compile time, the default is no entropy file.
;session.entropy_file = /dev/urandom
-session.entropy_file =
; http://php.net/session.entropy-length
-;session.entropy_length = 16
+; defaults to 32
+;session.entropy_length = 32
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
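Review bot: After this change the commented `;session.entropy_length = 32` appears twice in this section, once under "How many bytes to read from the file." and again under `; defaults to 32`. The php.ini-production hunk removes the first block entirely, so the two sample files no longer share a layout; dropping the first occurrence here would align them. In the visible lines of both files the description "Specified here to create the session id." reads as a fragment. A full sentence such as `; Path to a file or device read as an additional entropy source when creating the session id.` would tell an administrator what the setting does before they override it.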
11 php.ini-production
@@ -1588,17 +1588,16 @@ session.bug_compat_warn = Off
; http://php.net/session.referer-check
session.referer_check =
-; How many bytes to read from the file.
-; http://php.net/session.entropy-length
-session.entropy_length = 0
-
; Specified here to create the session id.
; http://php.net/session.entropy-file
+; Defaults to /dev/urandom
+; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
+; If neither are found at compile time, the default is no entropy file.
;session.entropy_file = /dev/urandom
-session.entropy_file =
; http://php.net/session.entropy-length
-;session.entropy_length = 16
+; defaults to 32
+;session.entropy_length = 32
; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
