The author seems to be assuming that all operating systems use the same implementation or have the same man page even for these random number generator devices -- they do not.
For example, on Solaris from random(7D):
The /dev/random and /dev/urandom files are suitable
for applications requiring high quality random numbers
for cryptographic purposes.
...
While bytes produced by the /dev/urandom interface are
of lower quality than bytes produced by /dev/random, they
are nonetheless suitable for less demanding and shorter
term cryptographic uses such as short term session keys,
paddings, and challenge strings.
In short, on Solaris, you can use either one although you are encouraged to only use /dev/urandom for specific cases.
How much do you want to bet that that man page isn't grossly misleading, just like the linux one?
I'm very much willing to bet the Solaris man page is NOT grossly misleading, since I know the past and present authors / maintainers of the cryptography framework on Solaris personally :-)
Also, one of the Solaris Security Engineers wrote about random number generation on Solaris extensively just last year:
https://blogs.oracle.com/darren/entry/solaris_random_number_...
Some blogs from other Solaris Security engineers:
Valerie Fenwick: http://bubbva.blogspot.com/
Dan Anderson: https://blogs.oracle.com/DanX/
Darren Moffat: https://blogs.oracle.com/darren
...and last, but not least, Enrico Perla (doesn't have a blog at the moment as far as I know) did author this book and is a Solaris Engineer and someone that works on Solaris Security-related things:
http://www.amazon.com/Guide-Kernel-Exploitation-Attacking-Co...
Okay, you've convinced me, they definitely put in a somewhat weaker urandom. Also that function for getting random numbers with no zero bytes 'for key generation' terrifies me a bit.
Yeah, Solaris has pretty strong crypto verifications thanks to a great security team :-)
I'm glad I could provide useful info.
No, I wrote specifically in the beginning that I'm talking about Linux.