lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 24 Jul 2014 13:54:05 -0700 From: Andy Lutomirski <luto@...capital.net> To: Henrique de Moraes Holschuh <hmh@....eng.br> Cc: "Theodore Ts'o" <tytso@....edu>, Linux Kernel Developers List <linux-kernel@...r.kernel.org>, Linux API <linux-api@...r.kernel.org>, linux-crypto@...r.kernel.org Subject: Re: [PATCH -v5] random: introduce getrandom(2) system call On Thu, Jul 24, 2014 at 1:30 PM, Henrique de Moraes Holschuh <hmh@....eng.br> wrote: > On Thu, 24 Jul 2014, Theodore Ts'o wrote: >> On Thu, Jul 24, 2014 at 08:21:38AM -0700, Andy Lutomirski wrote: >> > > Should we add E<SOMETHING> to be able to deny access to GRND_RANDOM or some >> > > future extension ? >> > >> > This might actually be needed sooner rather than later. There are >> > programs that use containers and intentionally don't pass /dev/random >> > through into the container. I know that Sandstorm does this, and I >> > wouldn't be surprised if other things (Docker?) do the same thing. >> >> I wouldn't add the error to the man page until we actually modify the >> kernel to add such a restriction. > > By then, it might be too late. It would be really sad to find ourselves > forced to return ENOSYS to getrandom(GRND_RANDOM) when we actually wanted to > return EPERM/EACCES. > > Actually, we might not be able to do even that much: all it takes is for > someone to have the bright idea of deploying userspace code that checks for > ENOSYS only on a first "probe" getrandom() syscall without GRND_RANDOM, and > does something idiotic when it gets ENOSYS later on a > getrandom(GRND_RANDOM). meh. We can't even abuse the system ourselves :-) > Or that someone writes userspace code that gets -EPERM/-EACCESS on getrandom with GRND_RANDOM and falls back to something worse than getrandom w/o GRND_RANDOM. --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists