From 21ac3d44377ee82b905144f48530c0ad0247517d Mon Sep 17 00:00:00 2001 From: oech3 <79379754+oech3@users.noreply.github.com> Date: Sun, 24 May 2026 21:09:12 +0900 Subject: [PATCH] shadow-core: use getrandom from rustix (#165) to replace unsafe libc::getrandom Co-authored-by: oech3 <> --- Cargo.toml | 2 +- src/shadow-core/src/crypt.rs | 8 ++------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index b8b3f0f..89d5014 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -59,7 +59,7 @@ uucore = "0.8" thiserror = "2" # Unix/Linux -rustix = { version = "1", features = ["process", "fs", "termios", "param"] } +rustix = { version = "1", features = ["fs", "param", "process", "rand", "termios"] } libc = "0.2" # Security diff --git a/src/shadow-core/src/crypt.rs b/src/shadow-core/src/crypt.rs index 2e24147..924af53 100644 --- a/src/shadow-core/src/crypt.rs +++ b/src/shadow-core/src/crypt.rs @@ -51,13 +51,9 @@ impl CryptMethod { /// Generate a random salt string for crypt(3). fn generate_salt(method: CryptMethod, rounds: Option) -> Result { let mut rand_bytes = [0u8; 16]; - // Use getrandom(2) syscall — works in chroot environments without /dev/urandom. - // SAFETY: getrandom(2) writes into a valid buffer and returns bytes written or -1. - let ret = unsafe { libc::getrandom(rand_bytes.as_mut_ptr().cast(), rand_bytes.len(), 0) }; - if ret < 0 || ret.cast_unsigned() < rand_bytes.len() { - return Err(ShadowError::Other("getrandom(2) failed".into())); - } + rustix::rand::getrandom(&mut rand_bytes, rustix::rand::GetRandomFlags::empty()) + .map_err(|_| ShadowError::Other("getrandom(2) failed".into()))?; let salt_str: String = rand_bytes .iter()