linux-crypto.vger.kernel.org archive mirror
From: Sasha Levin <levinsasha928@gmail.com>
To: Steve Grubb <sgrubb@redhat.com>
Cc: Jarod Wilson <jarod@redhat.com>, Ted Ts'o <tytso@mit.edu>,
	linux-crypto@vger.kernel.org, Matt Mackall <mpm@selenic.com>,
	Neil Horman <nhorman@redhat.com>,
	Herbert Xu <herbert.xu@redhat.com>,
	Stephan Mueller <stephan.mueller@atsec.com>,
	lkml <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] random: add blocking facility to urandom
Date: Thu, 08 Sep 2011 10:21:23 +0300
Message-ID: <1315466483.3584.7.camel@lappy>
In-Reply-To: <201109071743.16811.sgrubb@redhat.com>

On Wed, 2011-09-07 at 17:43 -0400, Steve Grubb wrote:
> On Wednesday, September 07, 2011 05:35:18 PM Jarod Wilson wrote:
> > Another proposal that has been kicked around: a 3rd random chardev, 
> > which implements this functionality, leaving urandom unscathed. Some 
> > udev magic or a driver param could move/disable/whatever urandom and put 
> > this alternate device in its place. Ultimately, identical behavior, but 
> > the true urandom doesn't get altered at all.
> 
> Right, and that's what I was trying to say is that if we do all that and switch out 
> urandom with something new that does what we need, what's the difference in just 
> patching the behavior into urandom and calling it a day? It's simpler, less fragile, 
> admins won't make mistakes setting up the wrong one in a chroot, already has the 
> FIPS-140 dressing, and is auditable.

What's the difference between changing the behavior of a well-defined
interface (/dev/urandom) which may cause userspace applications to fail,
as opposed to a non-intrusive usermode CUSE driver which can do exactly
what you need (and more - if more is required in the future)? None, none
at all...

CUSE supports kernel auditing, admins making mistakes is hardly the
kernel's problem (unless it makes it easy for them to make mistakes) and
code moved into the kernel doesn't suddenly become more stable and
simpler.

-- 

Sasha.
