From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: George Spelvin <linux@horizon.com>
Cc: linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
tytso@mit.edu
Subject: Re: [PATCH, RFC] random: introduce getrandom(2) system call
Date: Mon, 21 Jul 2014 17:27:06 +0200 [thread overview]
Message-ID: <1405956426.2319.37.camel@localhost> (raw)
In-Reply-To: <20140721112102.19300.qmail@ns.horizon.com>
On Mo, 2014-07-21 at 07:21 -0400, George Spelvin wrote:
> > I don't like partial reads/writes and think that a lot of people get
> > them wrong, because they often only check for negative return values.
>
> The v1 patch, which did it right IMHO, didn't do partial reads in the
> case we're talking about:
>
> + if (count > 256)
> + return -EINVAL;
I checked and unfortunately it does not; 256 bytes is way too large to
guarantee non-existence of partial reads. On a typical older system
without rdrand/rdseed you would have to limit the amount of bytes to
extract to about 32. That's way too low. That said, the 512 bytes check
only in case of extracting bytes from blocking pool would serve no
purpose.
> > In case of urandom extraction, I wouldn't actually limit the number of
> > bytes. A lot of applications I have seen already extract more than 128
> > out of urandom (not for seeding a prng but just to mess around with some
> > memory). I don't see a reason why getrandom shouldn't be used for that.
> > It just adds one more thing to look out for if using getrandom() in
> > urandom mode, especially during porting an application over to this new
> > interface.
>
> Again, I disagree. If it's "just messing around" code, use /dev/urandom.
> It's more portable and you don't care about the fd exhaustion attacks.
>
> If it's actual code to be used in anger, fix it to not abuse /dev/urandom.
>
> You're right that a quick hack might be "broken on purpose", but without
> exception, *all* code that I have seen which reads 64 or more bytes from
> /dev/*random is broken, and highlighting the brokenness is a highly
> desirable thing.
>
> The sole and exclusive reason for this syscall to exist at all is to
> solve a security problem. Supporting broken security code does no favors
> to anyone.
Then let's agree to disagree. :)
I think it is dangerous if application will get ported to this new
interface without checking size limitations and will only notice it
after the applications will be rolled out (if at all).
Bye,
Hannes
next prev parent reply other threads:[~2014-07-21 15:27 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-07-20 16:26 [PATCH, RFC] random: introduce getrandom(2) system call George Spelvin
2014-07-20 17:03 ` George Spelvin
2014-07-20 21:32 ` Hannes Frederic Sowa
2014-07-21 11:21 ` George Spelvin
2014-07-21 15:27 ` Hannes Frederic Sowa [this message]
2014-07-22 1:02 ` Hannes Frederic Sowa
2014-07-22 4:44 ` Theodore Ts'o
2014-07-22 9:49 ` Hannes Frederic Sowa
2014-07-22 22:59 ` Theodore Ts'o
2014-07-23 9:47 ` Hannes Frederic Sowa
2014-07-23 11:52 ` George Spelvin
2014-07-23 12:10 ` Hannes Frederic Sowa
2014-07-30 12:50 ` Pavel Machek
2014-07-20 17:24 ` Theodore Ts'o
-- strict thread matches above, loose matches on Subject: below --
2014-07-17 18:48 Mark Kettenis
2014-07-17 20:35 ` Andy Lutomirski
2014-07-17 21:28 ` Theodore Ts'o
2014-07-17 21:37 ` Andy Lutomirski
2014-07-17 22:21 ` David Lang
2014-07-17 9:18 Theodore Ts'o
2014-07-17 10:57 ` Hannes Frederic Sowa
2014-07-17 12:52 ` Theodore Ts'o
2014-07-17 13:15 ` Hannes Frederic Sowa
2014-07-17 12:09 ` Tobias Klauser
2014-07-17 12:52 ` Theodore Ts'o
2014-07-17 16:12 ` Christoph Hellwig
2014-07-17 17:01 ` Theodore Ts'o
2014-07-17 17:05 ` Bob Beck
2014-07-17 17:34 ` Theodore Ts'o
2014-07-17 17:45 ` Bob Beck
2014-07-17 17:46 ` Bob Beck
2014-07-17 17:57 ` Bob Beck
2014-07-17 22:30 ` Theodore Ts'o
2014-07-17 19:56 ` Bob Beck
2014-07-21 0:25 ` Dwayne Litzenberger
2014-07-21 7:18 ` Theodore Ts'o
2014-07-17 19:31 ` Greg KH
2014-07-17 19:33 ` Greg KH
2014-07-17 19:48 ` Zach Brown
[not found] ` <20140717194812.GC24196-fypN+1c5dIyjpB87vu3CluTW4wlIGRCZ@public.gmane.org>
2014-07-17 20:54 ` Theodore Ts'o
[not found] ` <20140717205417.GT1491-AKGzg7BKzIDYtjvyW6yDsg@public.gmane.org>
2014-07-17 21:39 ` Zach Brown
2014-07-17 20:27 ` Andy Lutomirski
[not found] ` <53C8319A.8090108-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
2014-07-17 21:14 ` Theodore Ts'o
2014-07-18 16:36 ` Rolf Eike Beer
2014-07-20 15:50 ` Andi Kleen
2014-07-20 17:06 ` Theodore Ts'o
2014-07-20 17:27 ` Andreas Schwab
2014-07-20 17:41 ` Theodore Ts'o
2014-07-21 6:18 ` Dwayne Litzenberger
2014-07-23 8:42 ` Manuel Schölling
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1405956426.2319.37.camel@localhost \
--to=hannes@stressinduktion.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@horizon.com \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).