Bypass Dev/Urandom|Random for Testing

bypass dev/urandom|random for testing

If your system is new enough (e.g. RHEL 7) and supports setns syscall it can be done with the help of mount namespaces. Root access is required.

The idea is to create a separate mount namespace for the process, and inside that namespace bind-mount some other file or FIFO over /dev/random so that the processes from this mount namespace would read the data from this bind-mounted file. Other processes will see the regular /dev/random.

Here is how to do that.

Preparation: run the following command to make all this stuff work (as it may not work by default, see this question for details).

# mount --make-rprivate /

Now let's create a shell running inside a new mount namespace.

# unshare -m /bin/bash

You have the new bash started which has its own mount namespace. You can compare the result of the following command from inside this shell and from some other shell:

This shell:

# ls -l /proc/self/ns/mnt
lrwxrwxrwx. 1 root root 0 Sep 26 16:06 /proc/self/ns/mnt -> mnt:[4026532148]

Other shell:

$ ls -l /proc/self/ns/mnt
lrwxrwxrwx. 1 ec2-user ec2-user 0 Sep 26 16:06 /proc/self/ns/mnt -> mnt:[4026531840]

Note that the numbers differ, so the two shells are in the different mount namespaces and the mounts performed from the first shell will not be visible to other processes in the system (except all the children of this shell).

Now in this shell we can bind-mount something over the existing /dev/random.

# echo 'some large text' > /tmp/fakerandom
# mount --bind /tmp/fakerandom /dev/random

Other processes don't see that, for them /dev/random works as usual:

$ ls -l /dev/random
crw-rw-rw-. 1 root root 1, 8 Sep 26 15:45 /dev/random
$ cat /dev/random
�Znp7�v�c��Ω^C

But in our shell it's special:

# ls -l /dev/random
-rw-r--r--. 1 root root 16 Sep 26 16:18 /dev/random
# cat /dev/random
some large text

For the functional testing you may want to substitute /dev/random with some FIFO and write some known data to that FIFO in some other process (see mkfifo(1) for more information on that if needed).

More information about mount namespaces can be found in this excellent article.

How to deal with a slow SecureRandom generator?

If you want true random data, then unfortunately you have to wait for it. This includes the seed for a SecureRandom PRNG. Uncommon Maths can't gather true random data any faster than SecureRandom, although it can connect to the internet to download seed data from a particular website. My guess is that this is unlikely to be faster than /dev/random where that's available.

If you want a PRNG, do something like this:

SecureRandom.getInstance("SHA1PRNG");

What strings are supported depends on the SecureRandom SPI provider, but you can enumerate them using Security.getProviders() and Provider.getService().

Sun is fond of SHA1PRNG, so it's widely available. It isn't especially fast as PRNGs go, but PRNGs will just be crunching numbers, not blocking for physical measurement of entropy.

The exception is that if you don't call setSeed() before getting data, then the PRNG will seed itself once the first time you call next() or nextBytes(). It will usually do this using a fairly small amount of true random data from the system. This call may block, but will make your source of random numbers far more secure than any variant of "hash the current time together with the PID, add 27, and hope for the best". If all you need is random numbers for a game, though, or if you want the stream to be repeatable in future using the same seed for testing purposes, an insecure seed is still useful.

Mockito bypass static method for testing

Changed my testing to :

@Test
public void testHandleIn() throws Exception
{
  IPDO pdo = new PDODummy();

  MyClass handler = new MyClass ();
  MyClass handler2 = spy(handler);

  doReturn(pdo ).when( handler2 ).getIPDO();
  PDOUtil.setPDO(pdo, LogicalFieldEnum.P_TX_CTGY, "test123");
  IPDO pdoNew = handler2.getIPDO();

  Assert.assertEquals("test123,(PDOUtil.getValueAsString(pdoNew, LogicalFieldEnum.P_TX_CTGY)));

}

Solved after reading Effective Mockito.

Quickly create an uncompressible large file on a Linux system

You may tray use /dev/urandom or /dev/random to fill your file for example 


@debian-10:~$ SECONDS=0; dd if=/dev/urandom of=testfile bs=10M count=1000 ;echo $SECONDS
1000+0 record in
1000+0 record out
10485760000 bytes (10 GB, 9,8 GiB) copied, 171,516 s, 61,1 MB/s
171

Using bigger bs a little small time is needed:


*@debian-10:~$ SECONDS=0; dd if=/dev/urandom of=testfile bs=30M count=320 ;echo $SECONDS
320+0 record in
320+0 record out
10066329600 bytes (10 GB, 9,4 GiB) copied, 164,498 s, 61,2 MB/s
165

171 seconds VS. 165 seconds


Related Topics

How to Use If/Else Awk to Evaluate a File and Extract This Information

Complete Password Field Scp Command on Linux

Change The Rlimit_Nproc in Linux

Cvs Error: Failed to Create Lock Directory... Permission Denied

Start Tomcat from Eclipse in Port 80 in Ubuntu with Authbind

Linux Intel 64Bit Assembly Division

Occi Linkage Error with Gcc 5

Link Extraction from a Google Page in Bash

Can't Load Mod_Wsgi Compiled for Python 3

Format and Filter File to CSV Table

Perl and Bash Variable Substitution, with Hexadecimal Characters and Repeat Count

Can't Increment a 0-Padded Number Past 8 in Busybox Sh

Linux Shared Library Depends on Symbols in Another Shared Library Opened by Dlopen with Rtld_Local

What's The Relation Between 32/64-Bit Application, Os and Processor

Difference Between The Commands "Gcloud Compute Ssh" and "Ssh"

Most Efficient Way to Concatenate Thousands of Files in Perl

A Wrong Size of "Len" Calculated by $ - Symbol with Fasm Equ

Multi-Architectural Binary Rpm and The Noarch


Leave a reply



Submit