Please describe the problem:
g_rand_new() uses fread() to seed a random number generator.
fread() buffers 4096 bytes from /dev/urandom when it only needs 16 bytes.
Since system entropy is a limited (though renewable) resource,
it should be consumed sparingly.

Here is a little more background on why wasting entropy is a problem.

"When accessed as /dev/urandom, as many bytes as are requested are
returned even when the entropy pool is exhausted."
http://www.linux.com/howtos/Secure-Programs-HOWTO/random-numbers.shtml

When the entropy pool is exhausted, the Linux RNG (accessed via
/dev/urandom) behaves like a pseudo-random number generator, which is not
acceptable for cryptographic applications such as password generators.

Analysis of the Linux Random Number Generator
http://www.pinkas.net/PAPERS/gpr06.pdf


Steps to reproduce:
1. run: watch -d -n 1 cat /proc/sys/kernel/random/entropy_avail
2. run several times any app that calls g_rand_new() (appended example will do)


Actual results:
entropy_avail plummets if the app is run several times
strace shows that 4096 bytes are read from /dev/urandom

open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 3
...
read(3, "9\326I\242\277x9^\355\266/\6\24[lh\fP\310\275\30\207_7"..., 4096) = 4096


Expected results:
Only 16 bytes (sizeof(seed)) are read from /dev/urandom

Does this happen every time?
yes.
fread() is buffering 4096 bytes data.
The solution is to disable buffering after calling fopen() and before calling fread().
This can be done with: setvbuf(fp, NULL, _IONBF, 0);


Other information:
glib2-2.12.9-1.fc6
http://svn.gnome.org/viewcvs/glib/trunk/glib/grand.c?view=markup

Test prog:
#include <glib.h>
main()
{
    g_rand_new();
}

Prototype fix:
#include <stdio.h>
main()
{
        FILE* fp;
        size_t n;
        int x;

        fp = fopen("/dev/urandom", "rb");
        setvbuf(fp, NULL, _IONBF, 0); // set to unbuffered
        n = fread(&x, sizeof(x), 1, fp);
}