lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAHmME9pgFXhSdWpTwt_x51pFu2Qm878dhcQjG9WhPXV_XFXm9w@mail.gmail.com>
Date: Thu, 4 Jul 2024 20:57:23 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: jolsa@...nel.org, mhiramat@...nel.org, cgzones@...glemail.com, 
	brauner@...nel.org, linux-kernel@...r.kernel.org, arnd@...db.de
Subject: Re: deconflicting new syscall numbers for 6.11

Hi Linus,

On Thu, Jul 4, 2024 at 8:52 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Thu, 4 Jul 2024 at 11:46, Jason A. Donenfeld <Jason@...c4.com> wrote:
> >
> >
> > I addressed this in the cover letter:
> >
> > | How do we rectify this? By putting a safe implementation of getrandom()
> > | in the vDSO, which has access to whatever information a
> > | particular iteration of random.c is using to make its decisions. I use
> > | that careful language of "particular iteration of random.c", because the
> > | set of things that a vDSO getrandom() implementation might need for making
> > | decisions as good as the kernel's will likely change over time.
>
> Jason. This smells. It's BS.

It's not BS. And that's not a real argument from you, but rather is
something else.

> Christ, let's make a deal: do a five-liner patch that adds the
> generation number to the vdso data, and basically document it as a
> "the kernel thinks you need to reseed your buffers using getrandom"
> flag.

I really do not want to expose random.c internals, and then deal with
the consequences of breaking user code that relied on that. The fake
entropy count API was already a nightmare to move away from. And I
think there's tremendous value in letting users use the kernel's
*exact algorithm*, whatever it happens to be, without syscall
overhead. Plus, this means further proliferation of bad userspace
RNGs. So I think the deal is a bad one.

> reason why that doesn't work, I'll take the 1000+ line thing

(I would like to point out that a good deal of that series is test
code and documentation and such.)

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ