Bug 234906 - Improve bash $RANDOM pseudo RNG
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: bash
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Pete Graner
QA Contact: Ben Levenson
Keywords: FutureFeature
Blocks: F8Target
Reported: 2007-04-02 15:43 EDT by Tomas Mraz
Modified: 2008-01-11 17:04 EST
Fixed In Version: 3.2-19.fc7
Doc Type: Enhancement
Last Closed: 2008-01-11 17:04:39 EST

Attachments
Proposed patch (4.89 KB, patch)
2007-04-05 06:03 EDT, Tomas Mraz
Improved patch (5.69 KB, patch)
2007-08-20 10:48 EDT, Tomas Mraz
Description Tomas Mraz 2007-04-02 15:43:51 EDT
Description of problem:
The bash $RANDOM pseudo RNG is very weak and seeded with just PID and time.

It should at least use glibc's random() implementation which has better
properties. Or some other pseudo RNG with better cryptographic properties. Also
the default seed should be from /dev/urandom or at least using gettimeofday if
/dev/urandom is not available.

If you agree with the above I'll provide a patch.
Comment 1 Steve Grubb 2007-04-02 17:01:34 EDT
All other shells properly seed the random number generator. I tested ksh, tcsh,
and zsh. They all have better random number generators than bash. This patch
should get into RHEL5/4 at some point.
Comment 2 Tomas Mraz 2007-04-05 06:03:22 EDT
Created attachment 151746
Proposed patch

The patch uses glibc random number generator instead of the builtin and adds
support for seeding the rng from /dev/urandom.
Comment 3 Steve Grubb 2007-04-05 09:13:46 EDT
Reviewed patch. Looks OK to me. Assuming this patch looks good to others, we
should clone the bug for RHEL5.1 & RHEL4.6.
Comment 4 Tim Waugh 2007-04-05 09:30:28 EDT
Patch looks good to me.
Comment 5 Tomas Mraz 2007-04-05 10:30:30 EDT
Will you push it upstream, Tim?
Comment 6 Steve Grubb 2007-06-11 08:49:53 EDT
Hi...what's the status on this? rawhide does not appear to have a good random
number generator nor does FC6 or 7. Thanks.
Comment 7 Tim Waugh 2007-06-11 08:56:12 EDT
Haven't had time to look at this yet.  I've marked it as an F8 target.
Comment 8 Pete Graner 2007-08-15 13:50:55 EDT
Patch appears to work, test packages are here:

https://koji.fedoraproject.org/packages/bash/3.2/13.fc8/
Comment 9 Steve Grubb 2007-08-19 08:31:45 EDT
Tomas, I was looking over the patch after seeing AVC's for all kinds of
programs. I think we can improve the patch by doing a lazy init of RANDOM. This
will improve performance since now every shell script has to open /dev/urandom
and read from it, reduce the number of AVC's to the programs that really need
access to /dev/urandom, and help preserve the entropy by not using it when not
needed.
Comment 10 Tomas Mraz 2007-08-20 10:48:09 EDT
Created attachment 161886
Improved patch

This improved patch initializes the bash random number generator only on demand
- that is when you'll ask for $RANDOM.
The patch also fixes another bug in the bash rng code - the rng was not
reinitialized in deeper subshells so this command:
(echo $RANDOM ; (echo $RANDOM ; echo $RANDOM) ; (echo $RANDOM ; echo $RANDOM) ; (echo $RANDOM ; echo $RANDOM))
returned values like:
A
B
C
B
C
B
C

although they all should be random values instead.
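
A minimal C sketch of the behaviour discussed in comments 2, 9 and 10: glibc random() seeded from /dev/urandom with a gettimeofday fallback, seeded only on first use, and reseeded when the process ID changes after a fork. This is an added example, not the attached patch or bash's own code; the function names and the PID-tracking approach are assumptions made for illustration.

```c
/* Added sketch; all names are hypothetical, not taken from the attached patch. */
#include <fcntl.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

static pid_t seeded_pid;  /* 0 until the first draw in this process */
static int reseed_count;  /* demo bookkeeping only */

/* Seed from /dev/urandom if readable, else time of day mixed with the PID. */
static unsigned int fresh_seed(void) {
    unsigned int seed;
    struct timeval tv;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd >= 0) {
        ssize_t n = read(fd, &seed, sizeof seed);
        close(fd);
        if (n == (ssize_t)sizeof seed) return seed;
    }
    gettimeofday(&tv, NULL);
    return (unsigned int)tv.tv_sec ^ (unsigned int)tv.tv_usec ^ (unsigned int)getpid();
}

/* Lazy init: seed on first use, and again whenever the PID changed (fork). */
int lazy_random15(void) {
    if (seeded_pid != getpid()) {
        srandom(fresh_seed());
        seeded_pid = getpid();
        reseed_count++;
    }
    return (int)(random() & 0x7fff);  /* same 0..32767 range as $RANDOM */
}
int reseeds(void) { return reseed_count; }

/* 1 if a forked child reseeds on its first draw, 0 if not, -1 on error. */
int child_reseeds_after_fork(void) {
    int status, before;
    pid_t pid;
    (void)lazy_random15();  /* make sure the parent is already seeded */
    before = reseed_count;
    if ((pid = fork()) < 0) return -1;
    if (pid == 0) {
        (void)lazy_random15();
        _exit(reseed_count == before + 1 ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void) { return child_reseeds_after_fork() == 1 ? 0 : 1; }  /* exit 0 = child reseeded */
```

A process that never draws a value never opens /dev/urandom, which is the point of the lazy init requested in comment 9. random() remains a non-cryptographic generator however it is seeded.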
Comment 11 Steve Grubb 2007-08-22 14:59:42 EDT
This patch tests good. We should apply this patch to bash and respin.
Comment 12 Pete Graner 2007-08-22 19:08:20 EDT
I built this on 2007-08-20 12:21:11 but we have not had a rawhide push in a few
days :-( you can find the pkg here until then:

https://koji.fedoraproject.org/packages/bash/3.2/15.fc8/

Putting in MODIFIED, I'll move to CLOSED RAWHIDE once we actually have a new push.
Comment 13 Pete Graner 2007-08-28 16:18:42 EDT
Looks good. Closing.
Comment 14 Fedora Update System 2007-11-28 20:32:45 EST
bash-3.2-19.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update bash'
Comment 15 Fedora Update System 2008-01-11 17:04:31 EST
bash-3.2-19.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.