| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Sep 2019 09:23:42 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Lennart Poettering <mzxreary@...inter.de>
Cc: "Ahmed S. Darwish" <darwish.07@...il.com>,
"Theodore Y. Ts'o" <tytso@....edu>, Willy Tarreau <w@....eu>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
"Alexander E. Patrakov" <patrakov@...il.com>,
zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8
On Tue, Sep 17, 2019 at 9:08 AM Lennart Poettering <mzxreary@...inter.de> wrote:
>
> Here's what I'd propose:
So I think this is ok, but I have another proposal. Before I post that
one, though, I just wanted to point out:
> 1) Add GRND_INSECURE to get those users of getrandom() who do not need
> high quality entropy off its use (systemd has uses for this, for
> seeding hash tables for example), thus reducing the places where
> things might block.
I really think that trhe logic should be the other way around.
The getrandom() users that don't need high quality entropy are the
ones that don't really think about this, and so _they_ shouldn't be
the ones that have to explicitly state anything. To those users,
"random is random". By definition they don't much care, and quite
possibly they don't even know what "entropy" really means in that
context.
The ones that *do* want high security randomness should be the ones
that know that "random" means different things to different people,
and that randomness is hard.
So the onus should be on them to say that "yes, I'm one of those
people willing to wait".
That's why I'd like to see GRND_SECURE instead. That's kind of what
GRND_RANDOM is right now, but it went overboard and it's not useful
even to the people who do want secure random numners.
Besides, the GRND_RANDOM naming doesn't really help the people who
don't know anyway, so it's just bad in so many ways. We should
probably just get rid of that flag entirely and make it imply
GRND_SECURE without the overdone entropy accounting, but that's a
separate issue.
When we do add GRND_SECURE, we should also add the GRND_INSECURE just
to allow people to mark their use, and to avoid the whole existing
confusion about "0".
> 2) Add a kernel log message if a getrandom(0) client hung for 15s or
> more, explaining the situation briefly, but not otherwise changing
> behaviour.
The problem is that when you have some graphical boot, you'll not even
see the kernel messages ;(
I do agree that a message is a good idea regardless, but I don't think
it necessarily solves the problems except for developers.
> 3) Change systemd-random-seed.service to log to console in the same
> case, blocking boot cleanly and discoverably.
So I think systemd-random-seed might as well just use a new
GRND_SECURE, and then not even have to worry about it.
That said, I think I have a suggestion that everybody can live with -
even if they might not be _happy_ about it. See next email.
> I am not a fan of randomly killing userspace processes that just
> happened to be the unlucky ones, to call this first... I see no
> benefit in killing stuff over letting boot hang in a discoverable way.
Absolutely agreed. The point was to not break things.
Linus
Powered by blists - more mailing lists