| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 May 2008 14:46:39 +1000 From: Rusty Russell <rusty@...tcorp.com.au> To: Johannes Berg <johannes@...solutions.net> Cc: virtualization@...ts.linux-foundation.org, Jeff Garzik <jeff@...zik.org>, Herbert Xu <herbert@...dor.apana.org.au>, Christian Borntraeger <borntraeger@...ibm.com>, LKML <linux-kernel@...r.kernel.org>, "H. Anvin" <hpa@...or.com>, Theodore Tso <tytso@....edu>, Matt Mackall <mpm@...enic.com> Subject: Re: [PATCH 2/2] lguest: virtio-rng support On Friday 16 May 2008 20:49:41 Johannes Berg wrote: > > + > > +/* Our random number generator device reads from /dev/urandom into the Guest's > > + * input buffers. The usual case is that the Guest doesn't want random numbers > > + * and so has no buffers although /dev/urandom is still readable, whereas > > + * console is the reverse. > > Is it really a good idea to use the hosts /dev/urandom to fill the > guests /dev/random? Technically it's up to rngd in the guest to decide whether to feed entropy or not (ie. /dev/urandom or /dev/random). If we use /dev/random in the host, we risk a DoS. But since /dev/random is 0666 on my system, perhaps noone actually cares? Cheers, Rusty. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists