lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ZswmTJf1asZUJ-5Z@zx2c4.com>
Date: Mon, 26 Aug 2024 08:53:00 +0200
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: Yann Droneaud <yann@...neaud.fr>
Cc: linux-kernel@...r.kernel.org, linux-crypto@...r.kernel.org,
	linux-api@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
	Andy Lutomirski <luto@...nel.org>,
	Thomas Gleixner <tglx@...utronix.de>,
	Vincenzo Frascino <vincenzo.frascino@....com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Adhemerval Zanella Netto <adhemerval.zanella@...aro.org>,
	Carlos O'Donell <carlos@...hat.com>,
	Florian Weimer <fweimer@...hat.com>, Arnd Bergmann <arnd@...db.de>,
	Jann Horn <jannh@...gle.com>,
	Christian Brauner <brauner@...nel.org>,
	David Hildenbrand <dhildenb@...hat.com>
Subject: Re: [PATCH] random: vDSO getrandom() must reject invalid flag

Hi Yann,

On Sun, Aug 25, 2024 at 04:47:50PM +0200, Yann Droneaud wrote:
> Like getrandom() syscall, vDSO getrandom() must not let
> unknown flags unnoticed [1].
> 
> It could be possible to return -EINVAL from vDSO, but
> in the likely case a new flag is added to getrandom()
> syscall in the future, it would be nicer to get the
> behavior from the syscall, instead of an error until
> the vDSO is extended to support the new flag.

Thanks, that seems right to me.

Currently the @flags only matter if the RNG isn't initialized yet, so we
fallback if it's not initialized. But if it is initialized, all of the
flags behave the same way, so it didn't bother checking them. But that
doesn't account for invalid flags, and you're right to point out that
accepting them silently is an API problem.

I've applied this here, and I'll send it in as a fix soon:

    https://git.kernel.org/pub/scm/linux/kernel/git/crng/random.git/commit/?id=ed9fbbeb29


Thanks for the patch,
Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ