lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 30 Oct 2017 08:39:56 +0100
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Theodore Ts'o <tytso@....edu>, Chen Feng <puck.chen@...ilicon.com>,
        zhaoyukun@...wei.com, arnd@...db.de, linux-kernel@...r.kernel.org,
        suzhuangluan@...ilicon.com, dan.zhao@...ilicon.com
Subject: Re: [PATCH RFC] random: fix syzkaller fuzzer test int overflow

On Sun, Oct 29, 2017 at 02:25:29PM -0400, Theodore Ts'o wrote:
> On Sat, Oct 28, 2017 at 11:22:00AM +0800, Chen Feng wrote:
> > 
> > I checked the ioctl. What's the purpose of RNDADDTOENTCNT ioctl to
> > userspace?
> 
> It's a legacy ioctl which is probably not used anywhere; it's been
> replaced by RNDADDENTROPY.  It previously allows root to bump the
> entropy estimate, but the right way to do this by rngd is to
> atomically add entropy to the pool land and bump the entropy estimate
> at the same time.
> 
> The UBSAN is harmless.  The ioctl requires root, and the entropy_total
> field, which is involved in the UBSAN, is only used in the first few
> seconds of boot, to determine when the entropy pool has been
> initialized.  In general on desktop and servers this happens before
> userspace has a chance to run.
> 
> In any case, here's a fix for this.
> 
> 					- Ted
> 
> commit 6f7034d0c52e21f30002b95126b6b98e4618dc57
> Author: Theodore Ts'o <tytso@....edu>
> Date:   Sun Oct 29 14:17:26 2017 -0400
> 
>     random: use a tighter cap in credit_entropy_bits_safe()
>     
>     This fixes a harmless UBSAN where root could potentially end up
>     causing an overflow while bumping the entropy_total field (which is
>     ignored once the entropy pool has been initialized, and this generally
>     is completed during the boot sequence).
>     
>     This is marginal for the stable kernel series, but it's a really
>     trivial patch, and it UBSAN warning that might cause security folks to
>     get overly excited for no reason.
>     
>     Signed-off-by: Theodore Ts'o <tytso@....edu>
>     Cc: stable@...r.kernel.org

No "Reported-by:"?

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ