why do perl, ruby use /dev/urandom

Question

I strace'd a simple script using perl and bash.

$ strace perl -e 'echo "test";' 2>&1 | grep 'random'
open("/dev/urandom", O_RDONLY)          = 3
$ strace bash 'echo "test"' 2>&1 | grep 'random'
$

Why does perl need the pseudorandom number generator for such a trivial script? I would expect opening /dev/urandom only after the first use of random data.

Edit: I also tested python and ruby

$ strace python -c 'print "test"' 2>&1 | grep random
$
$ strace ruby -e 'print "test\n"' 2>&1 | grep random
open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK|O_CLOEXEC) = 3

Why do perl and ruby open it with different modes?

Answer 1

Try searching for "Denial of Service via Algorithmic Complexity Attacks".

In brief, if a Perl script accepts outside input (from a file, network, etc) and stores that data in a hash, an attacker who can influence the data can exploit the hashing algorithm to deteriorate hashes (O(1) lookups) into linked lists (O(N) lookups). To defend against this type of attack, certain parameters of the hashing algorithm are randomised at program start-up so that an attacker cannot construct a sequence of hash keys that will cause a problem.

This is obviously not specific to Perl. Any program which uses a hashing algorithm is potentially vulnerable to this type of attack.