| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 19 Sep 2019 01:15:36 +0500
From: "Alexander E. Patrakov" <patrakov@...il.com>
To: "Eric W. Biederman" <ebiederm@...ssion.com>,
Lennart Poettering <mzxreary@...inter.de>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
"Theodore Y. Ts'o" <tytso@....edu>, Willy Tarreau <w@....eu>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>, linux-ext4@...r.kernel.org,
lkml <linux-kernel@...r.kernel.org>
Subject: Re: Linux 5.3-rc8
19.09.2019 00:56, Eric W. Biederman пишет:
> The cheap solution appears to be copying a random seed from a previous
> boot, and I think that will take care of many many cases, and has
> already been implemented. Which reduces this to a system first
> boot issue.
No, this is not the solution, if we take seriously not only getrandom
hangs, but also urandom warnings. In some setups (root on LUKS is one of
them) they happen early in the initramfs. Therefore "restoring" entropy
from the previous boot by a script that runs from the main system is too
late. That's why it is suggested to load at least a part of the random
seed in the boot loader, and that has not been commonly implemented.
--
Alexander E. Patrakov
Download attachment "smime.p7s" of type "application/pkcs7-signature" (4052 bytes)
Powered by blists - more mailing lists