From 4b8c953c7010e73b3855508d74cb74392fcae8d3 Mon Sep 17 00:00:00 2001
From: Ryan El Kochta
Date: Tue, 26 May 2026 22:03:03 -0700
Subject: [PATCH] getrandom: allow GRND_INSECURE flag

Because we fetch from urandom under the assumption that the host urandom has sufficient entropy, we can allow and silently ignore GRND_INSECURE for the same reason we currently allow and silently ignore GRND_NONBLOCK. The randomness will be more secure than what was requested, but this is fine.

PiperOrigin-RevId: 921880454
---
 pkg/sentry/syscalls/linux/sys_random.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/pkg/sentry/syscalls/linux/sys_random.go b/pkg/sentry/syscalls/linux/sys_random.go
index c41a1ceb27..5c3f88401c 100644
--- a/pkg/sentry/syscalls/linux/sys_random.go
+++ b/pkg/sentry/syscalls/linux/sys_random.go
@@ -29,6 +29,7 @@ import (
 const (
 _GRND_NONBLOCK = 0x1
 _GRND_RANDOM = 0x2
+ _GRND_INSECURE = 0x4
 )

 // GetRandom implements the linux syscall getrandom(2).
@@ -36,15 +37,15 @@ const (
 // In a multi-tenant/shared environment, the only valid implementation is to
 // fetch data from the urandom pool, otherwise starvation attacks become
 // possible. The urandom pool is also expected to have plenty of entropy, thus
-// the GRND_RANDOM flag is ignored. The GRND_NONBLOCK flag does not apply, as
-// the pool will already be initialized.
+// the GRND_RANDOM and GRND_INSECURE flags are ignored. The GRND_NONBLOCK flag
+// does not apply, as the pool will already be initialized.
 func GetRandom(t *kernel.Task, sysno uintptr, args arch.SyscallArguments) (uintptr, *kernel.SyscallControl, error) {
 addr := args[0].Pointer()
 length := args[1].SizeT()
 flags := args[2].Int()

 // Flags are checked for validity but otherwise ignored. See above.
- if flags & ^(_GRND_NONBLOCK|_GRND_RANDOM) != 0 {
+ if flags & ^(_GRND_NONBLOCK|_GRND_RANDOM|_GRND_INSECURE) != 0 {
 return 0, nil, linuxerr.EINVAL
 }
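Review bot: The widened mask in the second hunk now accepts `GRND_INSECURE` and `GRND_RANDOM` set together, a combination that Linux's getrandom(2) rejects with EINVAL, so a program that relies on that error sees different behaviour inside the sandbox. Both flags are ignored afterwards, so this does not weaken the bytes returned, but for syscall fidelity I would add right after the mask check `if flags&(_GRND_INSECURE|_GRND_RANDOM) == (_GRND_INSECURE | _GRND_RANDOM) { return 0, nil, linuxerr.EINVAL }`. The doc comment could also state in one sentence that ignoring GRND_INSECURE only ever upgrades the caller to output from an initialized pool, and that this guarantee rests on the host urandom being seeded, since that is the assumption the whole function depends on. GetRandom's body continues past the end of the hunk, so the remainder of the function is not covered by this note.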