Re: Inquiry about the removal of flag O_NONBLOCK on /dev/random

["Guozihua (Scott)" <guozihua@huawei.com>]

On 2022/7/21 19:09, Theodore Ts'o wrote:
> On Thu, Jul 21, 2022 at 02:44:54PM +0800, Guozihua (Scott) wrote:
>   >
>> We have a userspace program that starts pretty early in the boot process and
>> it tries to fetch random bits from /dev/random with O_NONBLOCK, if that
>> returns -EAGAIN, it turns to /dev/urandom. Is this a correct handling of
>> -EAGAIN? Or this is not one of the intended use case of O_NONBLOCK?
> 
> In addition to the good points which Eric and Jason have raised, the
> other thing I would ask you is ***why*** is your userspace program
> trying to fetch random bits early in the boot process?  Is it, say,
> trying to generate a cryptographic key which is security critical.  If
> so, then DON'T DO THAT.
> 
> There have been plenty of really embarrassing security problems caused
> by consumer grade products who generate a public/private key pair
> within seconds of the customer taking the product out of the box, and
> plugging it into the wall for the first time.  At which point,
> hilarity ensues, unless the box is life- or mission- critical, in
> which case tragedy ensues....
> 
> Is it possible to move the userspace program so it's not being started
> early in the boot process?  What is it doing, and why does it need
> random data in the first place?
> 
> 						- Ted
> .

Hi Ted,

Thanks for the comment. The code is not written by me, but I think you 
made a good point here and I'll definitely bring this up to the author.

-- 
Best
GUO Zihua