[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <467FD8E9.1000200@gentoo.org>
Date: Mon, 25 Jun 2007 17:02:01 +0200
From: Alexander Gabert <pappy@...too.org>
To: Matt Mackall <mpm@...enic.com>
CC: linux-kernel@...r.kernel.org, torvalds@...ux-foundation.org,
Arjan van de Ven <arjan@...radead.org>,
libc-alpha@...rceware.org, hardened@...too.org
Subject: Re: [PATCH] get_random_long() and AT_ENTROPY for auxv, kernel 2.6.21.5
Hi Matt,
sorry for not answering your questions in the first place, i hope this
did not mean to make a bad impression
Matt Mackall schrieb:
> On Sun, Jun 24, 2007 at 07:45:04PM +0200, Alexander Gabert wrote:
>
>> Hi Linus,
>> hi LKML,
>>
>> i would like to thank LKML and especially Eric (thanks for the per_cpu
>> macro tips and design guidelines!) and the other contributors to this idea.
>>
>> This time the patch is rather big because it also removes
>> get_random_int() and introduces get_random_long() throughout the kernel.
>>
>
> Stop right there. You still haven't answered my original question.
> What is the point of this exercise in the first place, please?
>
> Am I right in thinking you have three unrelated patches here?
>
I don't think so but you may be right nonetheless if my opinion.
> - something to do with aux vector headers
>
Adding the new field
> - something to do with get_random_int repeating itself
>
Found while adding the new field and testing it.
> - sweeping change of get_random_int to get_random_long for no obvious reason
>
It is needed for properly initializing a SSP guard which is (afaik) a
long value.
> These should be three completely separate patches.
>
Probably ... but bear in mind that the goal is still the same: allowing
glibc to use SSP with /proc/self/auxv instead of fopen(/dev/urandom) as
it is now.
Effectively saving three syscalls (open,read,close) and making life
easier for glibc because randomization "generated" in the kernel does
not deplete /dev/urandom too much for high coverage SSP userlands (i.e.
Gentoo Hardened).
I can imagine that Redhat would do the same with the SSP implementation
in glibc, i think if this patch moves into kernel, they will bring out a
glibc patch that is checking for AT_ENTROPY and using the opening of
/dev/urandom for retrieving randomized data as a fallback for machines
where such a kernel is not available. This is a win-win situation for
both sides- the kernel wins because the pressure on /dev/urandom is
released a bit (applicable to SSP environments) and the glibc wins
because it has a reliable, fast, cheap and easy to use source for
randomization.
Thank you,
Alex
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists