Reading from dev/urandom - system behaviour

/dev/urandom is a character device, not a regular file. Opening it provides an interface to a driver, usually in the kernel, which handles reads; every time a program reads from /dev/urandom, a call is made to the driver, and the driver determines how to provide appropriate content (same as any other character device — /dev/null, /dev/zero...).

On Linux, this is implemented in drivers/char/random.c. It maintains an “entropy pool”, seeded from various sources of random data, and when read, processes the pool data using a ChaCha stream cipher to construct data to return.


/dev/urandom is not a 'regular file' (yes, this is the POSIX naming), it is a device, just like most 'files' on /dev/. So you have plenty of magic behavior there.

  • You have /dev/null, where no matter how much you write, it never fills
  • You have random/urandom/srandom, randomly providing different data each time
  • You have /dev/tty (and colleagues) where you interact with a terminal
  • You have /dev/full which always returns "No space left on device" for any write attempt
  • You have /dev/zero which returns an infinite set of nul bytes

and many more.

These files are actually an interface to interact with a kernel module. So, when you 'read' it, it is actually executing a function which is asked to read as many bytes as your program (head, dd, etc.) requested (/dev/urandom is a character device). This function then handles it internally (based on several entropy pools) in order to fill that buffer (in this case, so that you get pseudorandom contents).
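
The behaviour both answers describe can be observed from user space. The following is an added example, not part of the original posts: it checks with stat() that /dev/urandom, /dev/zero and /dev/null are all character devices, then shows that the same read() call gets a different result from each driver. It assumes a Linux system where these three device nodes exist; the function names are chosen for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if path is a character device, 0 if not, -1 if stat() fails. */
int is_char_device(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return S_ISCHR(st.st_mode) ? 1 : 0;
}

/* Ask the driver behind path for n bytes, retrying short reads.
   Returns the number of bytes delivered (0 = immediate EOF), -1 on error. */
ssize_t read_device(const char *path, unsigned char *buf, size_t n) {
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r < 0 && errno == EINTR) continue;   /* interrupted, try again */
        if (r < 0) { close(fd); return -1; }
        if (r == 0) break;                       /* EOF, e.g. /dev/null */
        got += (size_t)r;
    }
    close(fd);
    return (ssize_t)got;
}

/* Return 1 if two separate 32-byte reads differ, 0 if equal, -1 if short. */
int reads_differ(const char *path) {
    unsigned char a[32], b[32];
    if (read_device(path, a, sizeof a) != 32 || read_device(path, b, sizeof b) != 32)
        return -1;
    return memcmp(a, b, sizeof a) != 0;
}

int main(void) {
    const char *devs[] = { "/dev/urandom", "/dev/zero", "/dev/null" };
    for (size_t i = 0; i < 3; i++) {
        unsigned char buf[32];
        printf("%-13s chardev=%d bytes_read=%zd", devs[i], is_char_device(devs[i]), read_device(devs[i], buf, sizeof buf));
        printf(" reads_differ=%d\n", reads_differ(devs[i]));
    }
    return 0;
}
```

All three paths report as character devices, yet /dev/urandom returns fresh bytes on every read, /dev/zero returns the same zero bytes, and /dev/null returns EOF at once, because each read is answered by that device's own driver code rather than by stored file contents.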