Today there was a security alert released covering almost all DNS server software, and in response a bunch of them were updated to improve the way they randomize one aspect of the protocol.
But I noticed that there was as yet no word on one DNS server program I use on my networks, dnsmasq. So I checked a bit, and discovered that the author had just released a release candidate before going on a two-week vacation. I grabbed the latest code, and did a search for "random" in the supporting documentation. The result of that search?

"Upgraded random ID generation - patch from Rob Funk."
Oh yeah! I'd forgotten about sending in a patch way back when. I checked my own machine, and found that I still have a copy of that original patch in a backup folder, dated 2002. And when I looked deeper in the current code, I found the part I'd sent in, still unchanged. (Hey, those comments sound like something I'd write!)
Of course, that didn't answer my original question; my code improved the way the program gets random numbers, but other parts of the program determine how those numbers are used. And the ultimate answer seems to be that it relies on the underlying operating system for the randomness I was looking for...
Update: I think my random code may finally need to be updated, as part of the mitigation for this whole problem. Needs more bits.