Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Mar 2013 09:10:38 +0000
From: Tim Brown <tmb@...35.com>
To: oss-security@...ts.openwall.com
Cc: gremlin@...mlin.ru
Subject: Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode

On Wednesday 13 Mar 2013 08:35:54 gremlin@...mlin.ru wrote:

*snip*

> The obvious fix is to create these devices with mode 0644,
> so only root will be able to re-initialize the entropy pool.

On Debian at least:

/lib/udev/rules.d/91-permissions.rules:KERNEL=="random",                
MODE="0666"
/lib/udev/rules.d/91-permissions.rules:KERNEL=="urandom",               
MODE="0666"

> Possibly, this even deserves a CVE to be assigned...

Tim
-- 
Tim Brown
<mailto:tmb@...35.com>

Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ