Re: Concurrent access to /dev/urandom

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Matt Mackall <mpm@selenic.com>
To: Adam Heath <doogie@debian.org>
Cc: "Theodore Ts'o" <tytso@mit.edu>,
	Bernard Normier <bernard@zeroc.com>,
	linux-kernel@vger.kernel.org, Andrew Morton <akpm@osdl.org>,
	Alan Cox <alan@lxorguk.ukuu.org.uk>
Subject: Re: Concurrent access to /dev/urandom
Date: Sat, 11 Dec 2004 12:40:29 -0800	[thread overview]
Message-ID: <20041211204028.GZ8876@waste.org> (raw)
In-Reply-To: <Pine.LNX.4.58.0412111358150.2173@gradall.private.brainfood.com>

On Sat, Dec 11, 2004 at 01:58:45PM -0600, Adam Heath wrote:
> On Sat, 11 Dec 2004, Theodore Ts'o wrote:
> 
> > On Fri, Dec 10, 2004 at 06:22:37PM -0600, Adam Heath wrote:
> > >
> > > Actually, I think this is a security issue.  Since any plain old program can
> > > read from /dev/urandom at any time, an attacker could attempt to read from
> > > that device at the same moment some other program is doing so, and thereby
> > > gain some knowledge as to the other program's state.
> >
> > It could be a potential exploit, but....
> >
> > 	(a) it only applies on SMP machines
> > 	(b) it's not a remote exploit; the attacker needs to have
> > 		the ability to run arbitrary programs on the local
> > 		machine
> > 	(c) the attacker won't get all of other programs' reads of
> > 		/dev/urandom, and
> > 	(d) the attacker would have to have a program continuously
> > 		reading from /dev/urandom, which would take up enough
> > 		CPU time that it would be rather hard to hide.
> >
> > That's not to say that we shouldn't fix it at our earliest
> > convenience, and I'd urge Andrew to push this to Linus for 2.6.10 ---
> > but I don't think we need to move heaven and earth to try to
> > accelerate the 2.6.10 release process, either.
> 
> Is it a problem for other kernel versions?  2.4?  Shouldn't this patch be
> pushed out separately to distributions?

It's a problem for all kernels back to 1.3.57 (when SMP was added) and
perhaps earlier for kernel-internal get_random_bytes users. Fixing
pre-2.6 means backporting the whole driver but not the changes in the
network area.

-- 
Mathematics is the supreme nostalgia of our time.

next prev parent reply	other threads:[~2004-12-11 20:41 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2004-11-27 20:45 Concurrent access to /dev/urandom Bernard Normier
2004-11-27 20:56 ` Jan Engelhardt
2004-11-27 21:15   ` Bernard Normier
2004-11-27 21:22     ` Jan Engelhardt
2004-11-28 20:58       ` Bernard Normier
2004-12-07 23:41         ` Bernard Normier
2004-12-08  1:28           ` Theodore Ts'o
2004-12-08  1:56             ` Bernard Normier
2004-12-08 19:21               ` Theodore Ts'o
2004-12-08 20:15                 ` Bernard Normier
2004-12-08 21:56                 ` Matt Mackall
2004-12-09  1:57                   ` Theodore Ts'o
2004-12-09  2:46                     ` andyliu
2004-12-09  4:55                       ` Matt Mackall
2004-12-09  2:58                     ` Matt Mackall
2004-12-09 21:29                     ` Matt Mackall
2004-12-10  4:47                       ` Matt Mackall
2004-12-10 16:35                         ` Theodore Ts'o
2004-12-10 18:28                           ` Matt Mackall
2004-12-10 21:28                             ` Theodore Ts'o
2004-12-10 22:23                               ` Matt Mackall
2004-12-11  0:22                                 ` Adam Heath
2004-12-11  1:10                                   ` Matt Mackall
2004-12-11 17:33                                   ` Theodore Ts'o
2004-12-11 19:58                                     ` Adam Heath
2004-12-11 20:40                                       ` Matt Mackall [this message]
2004-12-12 16:19                                     ` Pavel Machek
2004-12-11  0:19                               ` Adam Heath
2004-12-09  3:10               ` David Lang
2004-12-09  4:52                 ` Matt Mackall
2004-12-09  6:36                 ` Theodore Ts'o
2004-11-29 22:47 ` Jon Masters
2004-11-29 23:14   ` Bernard Normier
2004-11-29 23:43     ` Sven-Haegar Koch
2004-11-30  2:31       ` David Schwartz
2004-11-30  4:14         ` Kyle Moffett
2004-11-30  8:23           ` Jan Engelhardt
2004-11-30 18:50             ` David Schwartz
2004-11-29 23:42   ` David Wagner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20041211204028.GZ8876@waste.org \
    --to=mpm@selenic.com \
    --cc=akpm@osdl.org \
    --cc=alan@lxorguk.ukuu.org.uk \
    --cc=bernard@zeroc.com \
    --cc=doogie@debian.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.