Skip to content

feat(vfs): add /dev/urandom and /dev/random to virtual filesystem#632

Merged
chaliy merged 3 commits intomainfrom
claude/add-dev-urandom-JUV5V
Mar 15, 2026
Merged

feat(vfs): add /dev/urandom and /dev/random to virtual filesystem#632
chaliy merged 3 commits intomainfrom
claude/add-dev-urandom-JUV5V

Conversation

@chaliy
Copy link
Contributor

@chaliy chaliy commented Mar 14, 2026

Summary

  • Add /dev/urandom and /dev/random as virtual device files in InMemoryFs
  • Reads return 8KB of random bytes per call, preventing unbounded memory growth (TM-DOS-003)
  • Supports common patterns like od -An -N8 -tx1 /dev/urandom that previously failed with "file not found"

What changed

  • crates/bashkit/src/fs/memory.rs: Register /dev/urandom and /dev/random as VFS entries; intercept read_file to return bounded random bytes via RandomState hasher
  • specs/003-vfs.md: Document new device files
  • specs/006-threat-model.md + crates/bashkit/docs/threat-model.md: Update TM-DOS-003 mitigation from "No /dev/urandom in VFS" to "bounded 8KB reads"
  • Updated file count limits in existing tests to account for 2 new initial files

Test plan

  • Unit tests: read returns 8192 bytes, different data each read, exists check, write-then-read still returns random, path normalization bypass
  • Integration tests: od -An -N8 -tx1 /dev/urandom, cat /dev/urandom > /dev/null, input redirect < /dev/urandom, /dev/random parity
  • Security: path traversal via /dev/../dev/urandom resolves correctly
  • Existing tests updated: file count limits, overlay symlink limits
  • Full suite: 1986 tests pass, clippy clean, fmt clean

chaliy added 3 commits March 14, 2026 23:54
@chaliy
feat(vfs): add /dev/urandom and /dev/random to virtual filesystem
2fed768 
Reads return 8KB of random bytes per call, preventing unbounded memory
growth (TM-DOS-003) while supporting common patterns like
`od -An -N8 -tx1 /dev/urandom`.
@chaliy
fix(vfs): update file count limits in tests for new dev entries
4b5aae1 
Tests assumed 1 initial file (/dev/null), now 3 (/dev/null,
/dev/urandom, /dev/random).
@chaliy
test(vfs): add security and edge-case tests for /dev/urandom
a0c4ac6 
Cover write behavior, path normalization bypass, input redirect,
and /dev/random integration.
@chaliy chaliy merged commit e7c9b16 into main Mar 15, 2026
23 checks passed
@chaliy chaliy deleted the claude/add-dev-urandom-JUV5V branch March 15, 2026 00:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chaliy