From: Alexander Gabert <pappy@gentoo.org>
To: Matt Mackall <mpm@selenic.com>
Cc: linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
	Arjan van de Ven <arjan@infradead.org>,
	libc-alpha@sourceware.org, hardened@gentoo.org
Subject: Re: [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5
Date: Mon, 25 Jun 2007 17:02:01 +0200
Message-ID: <467FD8E9.1000200@gentoo.org>
In-Reply-To: <20070625034508.GE11115@waste.org>

Hi Matt,
sorry for not answering your questions in the first place, I hope this 
did not mean to make a bad impression.

Matt Mackall wrote:
> On Sun, Jun 24, 2007 at 07:45:04PM +0200, Alexander Gabert wrote:
>   
>> Hi Linus,
>> hi LKML,
>>
>> i would like to thank LKML and especially Eric (thanks for the per_cpu 
>> macro tips and design guidelines!) and the other contributors to this idea.
>>
>> This time the patch is rather big because it also removes 
>> get_random_int() and introduces get_random_long() throughout the kernel.
>>     
>
> Stop right there. You still haven't answered my original question.
> What is the point of this exercise in the first place, please?
>
> Am I right in thinking you have three unrelated patches here?
>   
I don't think so, but you may be right nonetheless in my opinion.
> - something to do with aux vector headers
>   
Adding the new field
> - something to do with get_random_int repeating itself
>   
Found while adding the new field and testing it.
> - sweeping change of get_random_int to get_random_long for no obvious reason
>   
It is needed for properly initializing an SSP guard which is (afaik) a 
long value.
> These should be three completely separate patches.
>   
Probably ... but bear in mind that the goal is still the same: allowing 
glibc to use SSP with /proc/self/auxv instead of fopen(/dev/urandom) as 
it is now.
Effectively saving three syscalls (open,read,close) and making life 
easier for glibc because randomization "generated" in the kernel does 
not deplete /dev/urandom too much for high coverage SSP userlands (i.e. 
Gentoo Hardened).

I can imagine that Red Hat would do the same with the SSP implementation 
in glibc, I think if this patch moves into the kernel, they will bring out a 
glibc patch that is checking for AT_ENTROPY and using the opening of 
/dev/urandom for retrieving randomized data as a fallback for machines 
where such a kernel is not available.  This is a win-win situation for 
both sides: the kernel wins because the pressure on /dev/urandom is 
released a bit (applicable to SSP environments) and the glibc wins 
because it has a reliable, fast, cheap and easy to use source for 
randomization.


Thank you,

Alex
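
The lookup-with-fallback described in the message above, as an added example that is not code from the patch or from glibc: a startup routine scans an auxv-style array for an entropy entry and opens /dev/urandom only when the tag is absent. The tag number `AT_ENTROPY_EXAMPLE`, the assumption that the entry's value field carries the random long directly, and all function and array names are hypothetical.

```c
#include <stdio.h>

/* Hypothetical tag number: the thread names AT_ENTROPY but gives no value here. */
#define AT_ENTROPY_EXAMPLE 0x7e57UL
#define AT_NULL_TAG 0UL                 /* AT_NULL terminates the vector */

struct auxv_pair { unsigned long type, val; };
enum guard_source { GUARD_NONE, GUARD_AUXV, GUARD_URANDOM };

/* Constructed sample vectors (AT_PAGESZ is tag 6); not captured from a real process. */
static const struct auxv_pair NEW_KERNEL[] = {
    { 6, 4096 }, { AT_ENTROPY_EXAMPLE, 0x5eedf00dUL }, { AT_NULL_TAG, 0 } };
static const struct auxv_pair OLD_KERNEL[] = { { 6, 4096 }, { AT_NULL_TAG, 0 } };

/* Walk the vector up to AT_NULL; return 1 and store the value if tag is present. */
static int auxv_lookup(const struct auxv_pair *av, unsigned long tag, unsigned long *out)
{
    for (; av->type != AT_NULL_TAG; av++)
        if (av->type == tag) { *out = av->val; return 1; }
    return 0;
}

/* Fallback path: the open/read/close sequence the mail wants to avoid. */
static int urandom_long(unsigned long *out)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t n;
    if (!f) return 0;
    n = fread(out, sizeof *out, 1, f);
    fclose(f);
    return n == 1;
}

/* Prefer the kernel-supplied entry; fall back only when the tag is absent. */
enum guard_source init_guard(const struct auxv_pair *av, unsigned long *guard)
{
    if (auxv_lookup(av, AT_ENTROPY_EXAMPLE, guard)) return GUARD_AUXV;
    if (urandom_long(guard)) return GUARD_URANDOM;
    return GUARD_NONE;
}

int main(void)
{
    unsigned long g = 0;
    printf("new kernel: source=%d\n", init_guard(NEW_KERNEL, &g));
    printf("old kernel: source=%d\n", init_guard(OLD_KERNEL, &g));
    return 0;
}
```

The program reports only which source was used and never prints the guard value itself, since a disclosed guard no longer protects anything.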

