Re: /dev/urandom uses uninit bytes, leaks user data

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Theodore Tso <tytso@mit.edu>
To: John Reiser <jreiser@BitWagon.com>
Cc: Matt Mackall <mpm@selenic.com>,
	linux-kernel@vger.kernel.org, security@kernel.org
Subject: Re: /dev/urandom uses uninit bytes, leaks user data
Date: Fri, 14 Dec 2007 18:23:23 -0500	[thread overview]
Message-ID: <20071214232322.GE17344@thunk.org> (raw)
In-Reply-To: <4762EB63.8070100@BitWagon.com>

On Fri, Dec 14, 2007 at 12:45:23PM -0800, John Reiser wrote:
> > It's getting folded into the random number pool, where it will be
> > impossible to recover it unless you already know what was in the
> > pool.  And if you know what's in the pool, you've already broken into
> > the kernel.
> 
> The combination of capturing data from other users, plus seeding
> the pool with your own data, just might be powerful enough to help
> steal secrets, sometime in the next five years, from data that is
> recorded today.

Um, no.  Just seeding the pool with your own data won't help, since
that still won't tell you the initial contents of the pool.  And if
you know the initial contents of the pool, then you've broken root.
And being able to steal from the pool also assumes that you've broken
into the system; it is never, ever exported to userspace, even if
you're root (unless you use something like /dev/kmem).  Furthermore,
if you don't know the previous contents of the pool, you'll never be
able to recover the information, either now or five years in the
future, since information is XOR'ed into the pool.

> > But I'm sympathetic to making Valgrind happy.  ...

How about wrapping it in a #ifdef CONFIG_UML, which is the only way
you can use Valgrind?  The memset will slow down things unnecessarily,
and mixing in the unknown previous contents of the stack (a) doesn't
hurt, and (b) could make life more complicated for an attacker.

            	      	    	      - Ted

next prev parent reply	other threads:[~2007-12-14 23:24 UTC|newest]

Thread overview: 39+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-12-14 19:34 /dev/urandom uses uninit bytes, leaks user data John Reiser
2007-12-14 20:13 ` Matt Mackall
2007-12-14 20:45   ` John Reiser
2007-12-14 23:23     ` Theodore Tso [this message]
2007-12-15  0:30       ` John Reiser
2007-12-15  4:32         ` Theodore Tso
2007-12-17 16:30           ` John Reiser
2007-12-17 17:36             ` Theodore Tso
2007-12-18  0:52               ` Andy Lutomirski
2007-12-18  3:05                 ` Theodore Tso
2007-12-18  3:13                   ` David Newall
2007-12-18  3:46                     ` Theodore Tso
2007-12-18  4:09                       ` David Newall
2007-12-18  4:23                         ` Theodore Tso
2007-12-19 22:43                           ` Bill Davidsen
2007-12-19 22:40                         ` Bill Davidsen
2007-12-20  4:18                       ` Andrew Lutomirski
2007-12-20 20:17                         ` Phillip Susi
2007-12-21 16:10                           ` Andrew Lutomirski
2007-12-22  1:14                             ` Theodore Tso
2007-12-26 18:30                             ` Phillip Susi
2007-12-20 20:36                         ` Theodore Tso
2007-12-27 10:44                           ` Pavel Machek
2007-12-18  5:12                 ` David Schwartz
2007-12-17 20:59             ` David Schwartz
2007-12-15  7:13         ` Herbert Xu
2007-12-15 16:30           ` Matt Mackall
2007-12-17 17:28           ` Signed divides vs shifts (Re: [Security] /dev/urandom uses uninit bytes, leaks user data) Linus Torvalds
2007-12-17 17:48             ` Al Viro
2007-12-17 17:55             ` Eric Dumazet
2007-12-17 18:05               ` Ray Lee
2007-12-17 18:10                 ` Eric Dumazet
2007-12-17 18:12                   ` Ray Lee
2007-12-17 18:23               ` Al Viro
2007-12-17 18:28               ` [Security] Signed divides vs shifts (Re: " Linus Torvalds
2007-12-17 19:08                 ` Al Viro
  -- strict thread matches above, loose matches on Subject: below --
2007-12-15  7:20 /dev/urandom uses uninit bytes, leaks user data Matti Linnanvuori
2007-12-15  7:54 ` Valdis.Kletnieks
2007-12-15 22:44 linux

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20071214232322.GE17344@thunk.org \
    --to=tytso@mit.edu \
    --cc=jreiser@BitWagon.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mpm@selenic.com \
    --cc=security@kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).