bypass dev/urandom|random for testing bypass dev/urandom|random for testing linux linux

bypass dev/urandom|random for testing


linux testing random chroot

If your system is new enough (e.g. RHEL 7) and supports setns syscall it can be done with the help of mount namespaces. Root access is required.

The idea is to create a separate mount namespace for the process, and inside that namespace bind-mount some other file or FIFO over /dev/random so that the processes from this mount namespace would read the data from this bind-mounted file. Other processes will see the regular /dev/random.

Here is how to do that.

Preparation: run the following command to make all this stuff work (as it may not work by default, see this question for details).

# mount --make-rprivate /

Now let's create a shell running inside a new mount namespace.

# unshare -m /bin/bash

You have the new bash started which has its own mount namespace. You can compare the result of the following command from inside this shell and from some other shell:

This shell:

# ls -l /proc/self/ns/mntlrwxrwxrwx. 1 root root 0 Sep 26 16:06 /proc/self/ns/mnt -> mnt:[4026532148]

Other shell:

$ ls -l /proc/self/ns/mntlrwxrwxrwx. 1 ec2-user ec2-user 0 Sep 26 16:06 /proc/self/ns/mnt -> mnt:[4026531840]

Note that the numbers differ, so the two shells are in the different mount namespaces and the mounts performed from the first shell will not be visible to other processes in the system (except all the children of this shell).

Now in this shell we can bind-mount something over the existing /dev/random.

# echo 'some large text' > /tmp/fakerandom# mount --bind /tmp/fakerandom /dev/random

Other processes don't see that, for them /dev/random works as usual:

$ ls -l /dev/randomcrw-rw-rw-. 1 root root 1, 8 Sep 26 15:45 /dev/random$ cat /dev/random�Znp7�v�c��Ω^C

But in our shell it's special:

# ls -l /dev/random-rw-r--r--. 1 root root 16 Sep 26 16:18 /dev/random# cat /dev/randomsome large text

For the functional testing you may want to substitute /dev/random with some FIFO and write some known data to that FIFO in some other process (see mkfifo(1) for more information on that if needed).

More information about mount namespaces can be found in this excellent article.

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last