| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 Dec 2007 15:17:02 -0500 From: Phillip Susi <psusi@....rr.com> To: Andrew Lutomirski <luto@...ealbox.com> CC: Theodore Tso <tytso@....edu>, David Newall <david@...idnewall.com>, John Reiser <jreiser@...wagon.com>, Matt Mackall <mpm@...enic.com>, linux-kernel@...r.kernel.org, security@...nel.org Subject: Re: /dev/urandom uses uninit bytes, leaks user data Andrew Lutomirski wrote: > I understand that there's no way that /dev/random can provide good > output if there's insufficient entropy. But it still shouldn't leak > arbitrary bits of user data that were never meant to be put into the > pool at all. It doesn't leak it though, it consumes it, and it then vanishes into the entropy pool, never to be seen again. > Step 1: Boot a system without a usable entropy source. > Step 2: add some (predictable) "entropy" from userspace which isn't a > multiple of 4, so up to three extra bytes get added. > Step 3: Read a few bytes of /dev/random and send them over the network. Only root can do 1 and 2, at which point, it's already game over. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists