* [PATCH] [4/4] /dev/random: Remove RNDGETPOOL ioctl
From: Theodore Ts'o @ 2004-08-20  4:57 UTC
  To: linux-kernel; +Cc: akpm


Recently, someone has kvetched that RNDGETPOOL is a "security
vulnerability".  Never mind that it is superuser only, and with
superuser privs you could load a nasty kernel module, or read the
entropy pool out of /dev/mem directly, but they are nevertheless still
spreading FUD.

In any case, no one is using it (it was there for debugging purposes
only), so we can remove it as dead code.

patch-random-4-remove-rndgetpool

--- random.c	2004/08/19 22:50:19	1.4
+++ random.c	2004/08/19 22:50:43	1.5
@@ -1741,10 +1741,9 @@
 random_ioctl(struct inode * inode, struct file * file,
 	     unsigned int cmd, unsigned long arg)
 {
-	int *tmp, size, ent_count;
+	int size, ent_count;
 	int __user *p = (int __user *)arg;
 	int retval;
-	unsigned long flags;
 	
 	switch (cmd) {
 	case RNDGETENTCNT:
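Review bot: the context line just after the removed `unsigned long flags;` holds nothing but a tab; since this hunk already rewrites the declaration block, drop that trailing whitespace as well. `size` and `ent_count` stay declared while `tmp` and `flags` go, which is right only if the remaining cases still use both: the only use of `ent_count` visible in this patch is inside the removed RNDGETPOOL case, so confirm the file still builds without unused-variable warnings.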
@@ -1765,40 +1764,6 @@
 		if (random_state->entropy_count >= random_read_wakeup_thresh)
 			wake_up_interruptible(&random_read_wait);
 		return 0;
-	case RNDGETPOOL:
-		if (!capable(CAP_SYS_ADMIN))
-			return -EPERM;
-		if (get_user(size, p) ||
-		    put_user(random_state->poolinfo.poolwords, p++))
-			return -EFAULT;
-		if (size < 0)
-			return -EFAULT;
-		if (size > random_state->poolinfo.poolwords)
-			size = random_state->poolinfo.poolwords;
-
-		/* prepare to atomically snapshot pool */
-
-		tmp = kmalloc(size * sizeof(__u32), GFP_KERNEL);
-
-		if (!tmp)
-			return -ENOMEM;
-
-		spin_lock_irqsave(&random_state->lock, flags);
-		ent_count = random_state->entropy_count;
-		memcpy(tmp, random_state->pool, size * sizeof(__u32));
-		spin_unlock_irqrestore(&random_state->lock, flags);
-
-		if (!copy_to_user(p, tmp, size * sizeof(__u32))) {
-			kfree(tmp);
-			return -EFAULT;
-		}
-
-		kfree(tmp);
-
-		if(put_user(ent_count, p++))
-			return -EFAULT;
-
-		return 0;
 	case RNDADDENTROPY:
 		if (!capable(CAP_SYS_ADMIN))
 			return -EPERM;
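Review bot: the removed RNDGETPOOL case tests `if (!copy_to_user(p, tmp, size * sizeof(__u32)))`, which is inverted: copy_to_user() returns the number of bytes it could not copy, so this path returned -EFAULT exactly when the copy succeeded and carried on to the final put_user() when it failed. The changelog should say so, since it is concrete support for the "no one is using it" claim. It should also state what a caller sees after the removal: the patch as posted touches only random.c, so any RNDGETPOOL definition in the headers is left in place and the request now falls to whatever the switch's default case returns, which is outside the visible context. A comment next to that definition marking the ioctl as removed would help anyone who still finds the name.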


* Re: [PATCH] [4/4] /dev/random: Remove RNDGETPOOL ioctl
From: Matt Mackall @ 2004-08-24 21:26 UTC
  To: Theodore Ts'o; +Cc: linux-kernel, akpm

On Fri, Aug 20, 2004 at 12:57:23AM -0400, Theodore Ts'o wrote:
> 
> Recently, someone has kvetched that RNDGETPOOL is a "security
> vulnerability".  Never mind that it is superuser only, and with
> superuser privs you could load a nasty kernel module, or read the
> entropy pool out of /dev/mem directly, but they are nevertheless still
> spreading FUD.

While such concerns are a bit exaggerated, the ioctl isn't in fact
very useful: it only gets one of the pools. In other words, it's been
obsolete even for debugging purposes since we went to two pools.

The pool resize ioctl is still racy in a painful way and ought to be
axed as well.

-- 
Mathematics is the supreme nostalgia of our time.
