diff --git a/Cargo.toml b/Cargo.toml index b8b3f0f..89d5014 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -59,7 +59,7 @@ uucore = "0.8" thiserror = "2" # Unix/Linux -rustix = { version = "1", features = ["process", "fs", "termios", "param"] } +rustix = { version = "1", features = ["fs", "param", "process", "rand", "termios"] } libc = "0.2" # Security diff --git a/src/shadow-core/src/crypt.rs b/src/shadow-core/src/crypt.rs index 2e24147..924af53 100644 --- a/src/shadow-core/src/crypt.rs +++ b/src/shadow-core/src/crypt.rs @@ -51,13 +51,9 @@ impl CryptMethod { /// Generate a random salt string for crypt(3). fn generate_salt(method: CryptMethod, rounds: Option) -> Result { let mut rand_bytes = [0u8; 16]; - // Use getrandom(2) syscall — works in chroot environments without /dev/urandom. - // SAFETY: getrandom(2) writes into a valid buffer and returns bytes written or -1. - let ret = unsafe { libc::getrandom(rand_bytes.as_mut_ptr().cast(), rand_bytes.len(), 0) }; - if ret < 0 || ret.cast_unsigned() < rand_bytes.len() { - return Err(ShadowError::Other("getrandom(2) failed".into())); - } + rustix::rand::getrandom(&mut rand_bytes, rustix::rand::GetRandomFlags::empty()) + .map_err(|_| ShadowError::Other("getrandom(2) failed".into()))?; let salt_str: String = rand_bytes .iter()