lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190917162137.GA27921@1wt.eu>
Date:   Tue, 17 Sep 2019 18:21:37 +0200
From:   Willy Tarreau <w@....eu>
To:     Lennart Poettering <mzxreary@...inter.de>
Cc:     "Theodore Y. Ts'o" <tytso@....edu>,
        Matthew Garrett <mjg59@...f.ucam.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "Ahmed S. Darwish" <darwish.07@...il.com>,
        Vito Caputo <vcaputo@...garu.com>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
        William Jon McCann <mccann@....edu>,
        "Alexander E. Patrakov" <patrakov@...il.com>,
        zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8

On Tue, Sep 17, 2019 at 05:57:43PM +0200, Lennart Poettering wrote:
> Note that calling getrandom(0) "too early" is not something people do
> on purpose. It happens by accident, i.e. because we live in a world
> where SSH or HTTPS or so is run in the initrd already, and in a world
> where booting sometimes can be very very fast.

It's not an accident, it's a lack of understanding of the impacts
from the people who package the systems. Generating an SSH key from
an initramfs without thinking where the randomness used for this could
come from is not accidental, it's a lack of experience that will be
fixed once they start to collect such reports. And those who absolutely
need their SSH daemon or HTTPS server for a recovery image in initramfs
can very well feed fake entropy by dumping whatever they want into
/dev/random to make it possible to build temporary keys for use within
this single session. At least all supposedly incorrect use will be made
*on purpose* and will still be possible to match what users need.

> So even if you write a
> program and you think "this stuff should run late I'll just
> getrandom(0)" it might not actually be that case IRL because people
> deploy it a slightly bit differently than you initially thought in a
> slightly differently equipped system with other runtime behaviour...

I agree with this, it's precisely because I think we should not restrict
userspace capabilities that I want the issue addressed in a way that lets
users do what they need instead of relying on dangerous workarounds. Just
googling for "mknod /dev/random c 1 9" returns tens, maybe hundreds of
pages all explaining how to fix the problem of non-booting systems. It
simply proves that the kernel is not the place to decide what users are
allowed to do. Let's give them the tools to work correctly and be
responsible for their choices. They just need to be hit by bad choices
to get some feedback from the field other than a new list of well-known
SSH keys.

Willy

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ