Date:   Fri, 18 Feb 2022 15:50:35 +0100
From:   Stanislav Brabec <sbrabec@...e.cz>
To:     linux-kernel@...r.kernel.org
Subject: [RFC] uuid_generate_time_safe() without uuidd should always return -1

After deeper research, we realized that only uuidd provides the 
guarantee of uniqueness of UUIDs across different CPUs and different UIDs.

Without it, there is a probability that two different processes on two 
different CPUs with different UIDs will call uuid_generate_time_safe() 
at the same time and generate duplicate UUIDs.

There is a LIBUUID_CLOCK_FILE that should prevent it. But this approach 
can work properly for a single UID only. And creating it as a 
world-writable file would cause more problems than it would fix.

That is why I propose that uuid_generate_time_safe() should always 
return -1 in case it cannot interact with uuidd.

To realize this, uuid_generate_time_generic() should return -1 instead 
of the __uuid_generate_time() return code.

It should not break uuidd, as it calls __uuid_generate_time() directly.


In the last month, we had a discussion about one clock file per UID and 
one for uuidd as a solution to LIBUUID_CLOCK_FILE being handled in a 
first-UID-wins manner. It could improve the situation, but only for 
UUIDs generated by the same UID.

Both changes are partially mutually exclusive: if 
uuid_generate_time_safe() always returns -1, there will be no way 
to inform the program that the alternative synchronization was used. 
(This information could still be useful.) That is why I propose a small 
change to the API:

Add a new return code of uuid_generate_time_safe().

== RETURN VALUE

The newly created UUID is returned in the memory location pointed to by 
_out_. *uuid_generate_time_safe*() returns zero if the UUID has been 
generated in a safe manner, 1 if the UUID has been generated in a manner 
that is safe for a single UID, -1 otherwise.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                         e-mail: sbrabec@...e.com
Křižíkova 148/34 (Corso IIa)                    tel: +420 284 084 060
186 00 Praha 8-Karlín                          fax:  +420 284 084 001
Czech Republic                                    http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76
