In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

In D45683#1045076, @kevans wrote:

In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

Am I right that this patch series doesn't fortify arc4random_buf(), or did I just miss it? I'd assume it's worth it as well, I don't see a downside.

In D45683#1045082, @markj wrote:

In D45683#1045076, @kevans wrote:

In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

Am I right that this patch series doesn't fortify arc4random_buf(), or did I just miss it? I'd assume it's worth it as well, I don't see a downside.

Oh, sorry, it's over in https://reviews.freebsd.org/D45681

In D45683#1045084, @kevans wrote:

In D45683#1045082, @markj wrote:

In D45683#1045076, @kevans wrote:

In D45683#1045059, @markj wrote:

Does it make sense in general to fortify non-standard interfaces like arc4random_buf()?

I'm curious to hear your thoughts here, because I hadn't considered there may be a reason not to -- their uses are still susceptible to the same kind of easy-to-catch bugs you might make with many of the standardized interfaces, so if they don't add much complexity I assumed it was worth it even if they're not often-used.

Am I right that this patch series doesn't fortify arc4random_buf(), or did I just miss it? I'd assume it's worth it as well, I don't see a downside.

Oh, sorry, it's over in https://reviews.freebsd.org/D45681

I did miss it, my bad. I had just forgotten about that patch.