Hello. I'm attaching patches for adding the arc4random(3) library function. The 
patch includes a manual page. This function uses the free Arcfour (another-rc4) 
stream cipher, seeded with entropy. This function is intended for 
non-cryptographic uses, such as for mktemp.

As-is this patch takes 128 bits from /dev/urandom, or gettimeofday/getpid 
if /dev/urandom is not available. This can be more flexable, to use hp-timing. 
I would suggest arc4random() is used in place of hp-timing throughout the Glibc 
package, with the exception of the stack protector (for performance reasons), 
and use hp-timing in arc4random.c.

------- Additional Comment #1 From Robert Connolly 2007-04-24 04:24 -------

Created an attachment (id=1734)
--with-prng-device patch

This patch adds --with-prng-device= to allow users to specify their
/dev/urandom or /dev/arandom or /dev/erandom, to use with ssp and arc4random,
and future.

------- Additional Comment #2 From Robert Connolly 2007-04-24 04:26 -------

Created an attachment (id=1735)
arc4random() patch

This patch adds the arc4random() code. It depends on the prng patch to build it
as-is.

------- Additional Comment #3 From Robert Connolly 2007-04-24 04:28 -------

Created an attachment (id=1736)
arc4random mktemp/tempname patch

This patch is for tempname.c to make mktemp, and friends, use arc4random().

------- Additional Comment #4 From Robert Connolly 2007-04-24 07:48 -------

In resolv/res_init.c, res_randomid() could use arc4random() instead of 
getpid().

------- Additional Comment #5 From Ulrich Drepper 2007-04-24 19:52 -------

glibc is no dumping ground for arbitrary code.  The existing code is just find.
 Put your code in separate libraries.