Re: [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Alexander Gabert <pappy@gentoo.org>
To: Matt Mackall <mpm@selenic.com>
Cc: linux-kernel@vger.kernel.org, torvalds@linux-foundation.org,
	Arjan van de Ven <arjan@infradead.org>,
	libc-alpha@sourceware.org, hardened@gentoo.org
Subject: Re: [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5
Date: Mon, 25 Jun 2007 17:02:01 +0200	[thread overview]
Message-ID: <467FD8E9.1000200@gentoo.org> (raw)
In-Reply-To: <20070625034508.GE11115@waste.org>

Hi Matt,
sorry for not answering your questions in the first place, i hope this 
did not mean to make a bad impression
Matt Mackall schrieb:
> On Sun, Jun 24, 2007 at 07:45:04PM +0200, Alexander Gabert wrote:
>   
>> Hi Linus,
>> hi LKML,
>>
>> i would like to thank LKML and especially Eric (thanks for the per_cpu 
>> macro tips and design guidelines!) and the other contributors to this idea.
>>
>> This time the patch is rather big because it also removes 
>> get_random_int() and introduces get_random_long() throughout the kernel.
>>     
>
> Stop right there. You still haven't answered my original question.
> What is the point of this exercise in the first place, please?
>
> Am I right in thinking you have three unrelated patches here?
>   
I don't think so but you may be right nonetheless if my opinion.
> - something to do with aux vector headers
>   
Adding the new field
> - something to do with get_random_int repeating itself
>   
Found while adding the new field and testing it.
> - sweeping change of get_random_int to get_random_long for no obvious reason
>   
It is needed for properly initializing a SSP guard which is (afaik) a 
long value.
> These should be three completely separate patches.
>   
Probably ... but bear in mind that the goal is still the same: allowing 
glibc to use SSP with /proc/self/auxv instead of fopen(/dev/urandom) as 
it is now.
Effectively saving three syscalls (open,read,close) and making life 
easier for glibc because randomization "generated" in the kernel does 
not deplete /dev/urandom too much for high coverage SSP userlands (i.e. 
Gentoo Hardened).

I can imagine that Redhat would do the same with the SSP implementation 
in glibc, i think if this patch moves into kernel, they will bring out a 
glibc patch that is checking for AT_ENTROPY and using the opening of 
/dev/urandom for retrieving randomized data as a fallback for machines 
where such a kernel is not available.  This is a win-win situation for 
both sides- the kernel wins because the pressure on /dev/urandom is 
released a bit (applicable to SSP environments) and the glibc wins 
because it has a reliable, fast, cheap and easy to use source for 
randomization.


Thank you,

Alex

next prev parent reply	other threads:[~2007-06-25 15:02 UTC|newest]

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-06-17 23:40 AT_ENTROPY1 and AT_ENTROPY2 values for include/linux/auxvec.h Alexander Gabert
2007-06-18  1:06 ` Arjan van de Ven
2007-06-18  1:28   ` Alexander Gabert
2007-06-18  1:38     ` Arjan van de Ven
2007-06-18 10:36       ` Alexander Gabert
2007-06-20 15:34         ` [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5 Alexander Gabert
2007-06-20 15:38           ` Arjan van de Ven
2007-06-20 16:39           ` Linus Torvalds
2007-06-20 17:04           ` Eric Dumazet
2007-06-20 20:30           ` Matt Mackall
2007-06-24 17:45             ` Alexander Gabert
2007-06-25  3:45               ` Matt Mackall
2007-06-25  4:43                 ` Arjan van de Ven
2007-06-25  5:12                   ` Matt Mackall
2007-06-25  7:09                   ` Jakub Jelinek
2007-06-25 15:02                 ` Alexander Gabert [this message]
2007-06-25 15:20                   ` Matt Mackall

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=467FD8E9.1000200@gentoo.org \
    --to=pappy@gentoo.org \
    --cc=arjan@infradead.org \
    --cc=hardened@gentoo.org \
    --cc=libc-alpha@sourceware.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mpm@selenic.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).