mirror of
https://github.com/systemd/systemd
synced 2024-09-16 06:43:18 +00:00
random-util: Add an environment variable to disable RDRAND.
SYSTEMD_RDRAND=0 will prevent using RDRAND even on systems whose CPUID claims to support it. All other values have no effect. Fixes: #17112
This commit is contained in:
parent
6de6f4891f
commit
fbccb980e5
|
@ -80,6 +80,9 @@ All tools:
|
|||
honoured on systems built with libxcrypt and is ignored on systems using
|
||||
glibc's original, internal crypt() implementation.)
|
||||
|
||||
* `$SYSTEMD_RDRAND=0` — if set, the RDRAND instruction will never be used,
|
||||
even if the CPU supports it.
|
||||
|
||||
systemctl:
|
||||
|
||||
* `$SYSTEMCTL_FORCE_BUS=1` — if set, do not connect to PID1's private D-Bus
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
#endif
|
||||
|
||||
#include "alloc-util.h"
|
||||
#include "env-util.h"
|
||||
#include "errno-util.h"
|
||||
#include "fd-util.h"
|
||||
#include "fileio.h"
|
||||
|
@ -116,6 +117,15 @@ int rdrand(unsigned long *ret) {
|
|||
#endif
|
||||
|
||||
have_rdrand = !!(ecx & bit_RDRND);
|
||||
|
||||
if (have_rdrand > 0) {
|
||||
/* Allow disabling use of RDRAND with SYSTEMD_RDRAND=0
|
||||
If it is unset getenv_bool_secure will return a negative value. */
|
||||
if (getenv_bool_secure("SYSTEMD_RDRAND") == 0) {
|
||||
have_rdrand = false;
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (have_rdrand == 0)
|
||||
|
|
Loading…
Reference in a new issue