From: Matt Mackall <mpm@selenic.com>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
security@kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Eric Paris <eparis@redhat.com>, Jake Edge <jake@lwn.net>,
linux-security-module@vger.kernel.org, mingo@redhat.com,
Alan Cox <alan@lxorguk.ukuu.org.uk>,
James Morris <jmorris@namei.org>,
Andrew Morton <akpm@linux-foundation.org>,
Roland McGrath <roland@redhat.com>,
Arjan van de Ven <arjan@infradead.org>
Subject: Re: [Security] [PATCH] proc: avoid information leaks to non-privileged processes
Date: Tue, 5 May 2009 11:18:02 -0500 [thread overview]
Message-ID: <20090505161802.GH31071@waste.org> (raw)
In-Reply-To: <alpine.LFD.2.01.0905050833180.4983@localhost.localdomain>
On Tue, May 05, 2009 at 08:35:35AM -0700, Linus Torvalds wrote:
>
>
> On Tue, 5 May 2009, Linus Torvalds wrote:
> >
> > Note: the "pid + jiffies" is just meant to be a tiny tiny bit of noise. It
> > has no real meaning. It could be anything. I just picked the previous
> > seed, it's just that now we keep the state in between calls and that will
> > feed into the next result, and that should make all the difference.
>
> Actually, thinking about it, we could/should probably just remove that
> tiny bit of noise.
>
> After all, we get _real_ noise from the "keyptr->secret" thing. It's not
> updated all the time, but it's certainly updated often enough that nobody
> will ever see anything remotely guessable, I suspect.
>
> Not that the "pid+jiffies" should hurt either, of course. It just doesn't
> really look meaningful, and only exists as a historical oddity that
> relates to the previous implementation of get_random_int().
I think it can only do good here. Recursively applied functions are
vulnerable to falling into greatly reduced state spaces (see 'strange
attractors') and adding any old crap can perturb it out of those
spaces. A good hash function should be resistant to this, but MD4 and
half_MD4 are not good hash functions.
--
Mathematics is the supreme nostalgia of our time.
next prev parent reply other threads:[~2009-05-05 16:22 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-04 18:51 [PATCH] proc: avoid information leaks to non-privileged processes Jake Edge
2009-05-04 19:00 ` [Security] " Linus Torvalds
2009-05-04 19:51 ` Arjan van de Ven
2009-05-04 20:20 ` Eric W. Biederman
2009-05-04 22:24 ` Linus Torvalds
2009-05-04 23:26 ` Arjan van de Ven
2009-05-04 23:54 ` Linus Torvalds
2009-05-05 7:51 ` Eric W. Biederman
2009-05-05 15:17 ` Linus Torvalds
2009-05-05 15:35 ` Linus Torvalds
2009-05-05 16:18 ` Matt Mackall [this message]
2009-05-05 16:10 ` Matt Mackall
2009-05-05 5:50 ` Matt Mackall
2009-05-05 6:31 ` Ingo Molnar
2009-05-05 8:14 ` Eric W. Biederman
2009-05-05 19:52 ` Ingo Molnar
2009-05-05 20:22 ` Matt Mackall
2009-05-05 21:20 ` Eric W. Biederman
2009-05-06 10:33 ` Ingo Molnar
2009-05-06 10:30 ` Ingo Molnar
2009-05-06 16:25 ` Matt Mackall
2009-05-06 16:48 ` Linus Torvalds
2009-05-06 17:57 ` Matt Mackall
2009-05-07 0:50 ` Matt Mackall
2009-05-07 15:02 ` Ingo Molnar
2009-05-07 18:14 ` Matt Mackall
2009-05-07 18:21 ` Ingo Molnar
2009-05-07 18:41 ` Ingo Molnar
2009-05-07 19:24 ` Matt Mackall
2009-05-07 15:16 ` Florian Weimer
2009-05-07 16:55 ` Matt Mackall
2009-05-07 17:53 ` Linus Torvalds
2009-05-07 18:42 ` Matt Mackall
2009-05-06 20:09 ` [patch] random: make get_random_int() more random Ingo Molnar
2009-05-06 20:41 ` Matt Mackall
2009-05-06 20:51 ` Ingo Molnar
2009-05-06 21:10 ` Matt Mackall
2009-05-06 21:24 ` Ingo Molnar
2009-05-14 22:47 ` Jake Edge
2009-05-14 22:55 ` [Security] " Linus Torvalds
2009-05-15 13:47 ` Ingo Molnar
2009-05-15 15:10 ` Jake Edge
2009-05-16 10:00 ` Willy Tarreau
2009-05-16 10:39 ` Ingo Molnar
2009-05-16 12:02 ` Eric W. Biederman
2009-05-16 14:00 ` Michael S. Zick
2009-05-16 14:28 ` Michael S. Zick
2009-05-16 14:57 ` Arjan van de Ven
2009-05-16 15:09 ` Michael S. Zick
2009-05-16 14:32 ` Matt Mackall
2009-05-16 13:58 ` Willy Tarreau
2009-05-16 15:23 ` Linus Torvalds
2009-05-16 15:47 ` Willy Tarreau
2009-05-16 15:54 ` Oliver Neukum
2009-05-16 16:05 ` Linus Torvalds
2009-05-16 16:17 ` Linus Torvalds
2009-05-15 1:16 ` Américo Wang
2009-05-06 20:25 ` [Security] [PATCH] proc: avoid information leaks to non-privileged processes Ingo Molnar
2009-05-06 20:52 ` Matt Mackall
2009-05-05 8:58 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090505161802.GH31071@waste.org \
--to=mpm@selenic.com \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=arjan@infradead.org \
--cc=ebiederm@xmission.com \
--cc=eparis@redhat.com \
--cc=jake@lwn.net \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mingo@redhat.com \
--cc=roland@redhat.com \
--cc=security@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox