Use getentropy() in mkstemp/mkdtemp replacement.

config.h.in

@@ -268,6 +268,9 @@
 /* Define to 1 if you have the `getdomainname' function. */
 #undef HAVE_GETDOMAINNAME
 
+/* Define to 1 if you have the `getentropy' function. */
+#undef HAVE_GETENTROPY
+
 /* Define to 1 if you have the `getgrouplist' function. */
 #undef HAVE_GETGROUPLIST
 

configure

@@ -20446,6 +20446,19 @@ _ACEOF
 fi
 done
 
+    if test X"$ac_cv_func_arc4random" != X"yes"; then
+	for ac_func in getentropy
+do :
+  ac_fn_c_check_func "$LINENO" "getentropy" "ac_cv_func_getentropy"
+if test "x$ac_cv_func_getentropy" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETENTROPY 1
+_ACEOF
+
+fi
+done
+
+    fi
     case " $LIBOBJS " in
   *" mktemp.$ac_objext "* ) ;;
   *) LIBOBJS="$LIBOBJS mktemp.$ac_objext"

configure.ac

@@ -2689,6 +2689,9 @@ AC_CHECK_FUNCS([closefrom], [], [AC_LIBOBJ(closefrom)
 AC_CHECK_FUNCS([mkstemps mkdtemp], [], [break])
 if test X"$ac_cv_func_mkstemps$ac_cv_func_mkdtemp" != X"yesyes"; then
     AC_CHECK_FUNCS([arc4random random lrand48], [break])
+    if test X"$ac_cv_func_arc4random" != X"yes"; then
+	AC_CHECK_FUNCS([getentropy])
+    fi
     AC_LIBOBJ(mktemp)
     # If either mkdtemp() or mkstemps() is missing, replace both.
     SUDO_APPEND_COMPAT_EXP(sudo_mkdtemp sudo_mkstemps)

lib/util/mktemp.c

@@ -81,6 +81,10 @@ seed_random(void)
 	SEED_T seed;
 	int fd;
 
+# ifdef HAVE_GETENTROPY
+	/* Not really an fd, just has to be -1 on error. */
+	fd = getentropy(&seed, sizeof(seed));
+# else
 	/*
 	 * Seed from /dev/urandom if possible.
 	 */
@@ -95,7 +99,7 @@ seed_random(void)
 	    if (nread != (ssize_t)sizeof(seed))
 		fd = -1;
 	}
-
+# endif /* HAVE_GETENTROPY */
 	/*
 	 * If no /dev/urandom, seed from time of day and process id
 	 * multiplied by small primes.