Date: Thu, 14 Mar 2013 10:32:59 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode

On 13-Mar-2013 15:54:15 +0400, gremlin@...mlin.ru wrote:

 >> http://lkml.indiana.edu/hypermail/linux/kernel/0012.2/0502.html
 > Yes, I've found that while investigating the possible impact. Also,
 > the random.c doesn't use the data directly, but instead hashes it.

And that has some impact: the malicious (or just curious) unprivileged
user may flood the devices with garbage, and the kernel will spend
resources hashing it.

Try this: `dd bs=1M if=/dev/zero of=/dev/urandom`

On a Core i5-2400 3.10GHz CPU, only 16 processes running for several
minutes result in all cores loaded at 99% and the load average of 20.
My workstation has survived the experiment, but heavily loaded servers
may dislike that :-)

 > But my opinion stays exactly the same: devices should be 0644, and
 > only trusted random data sources should be used to add entropy to
 > the pool via add_device_randomness().
 > So, I'll just restrict the access to /dev/{,u}random locally :-)

... and recommend others do the same.


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin  gremlin  ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8
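
Added example, not part of the original message: a small audit that reports whether /dev/random and /dev/urandom are writable by unprivileged users, measured against the 0644 mode the message recommends. The function names and the `--audit` switch are made up for this example, and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example (not from the thread): audit the random devices against the
# 0644 mode recommended in the message. Assumes GNU coreutils stat(1).

# world_writable MODE -> succeeds if the "other" write bit (0002) is set.
# MODE is an octal permission string such as 666 or 0644.
world_writable() {
    [ $(( 0$1 & 0002 )) -ne 0 ]
}

# verdict MODE -> prints "world-writable", "ok" (exactly 0644) or "differs".
verdict() {
    if world_writable "$1"; then
        echo "world-writable"
    elif [ $(( 0$1 )) -eq $(( 0644 )) ]; then
        echo "ok"
    else
        echo "differs"
    fi
}

# audit_dev PATH -> prints one report line; fails if PATH is world-writable
# (status 1) or is not a character device (status 2).
audit_dev() {
    dev=$1
    [ -c "$dev" ] || { echo "$dev: not a character device"; return 2; }
    mode=$(stat -c '%a' "$dev") || return 2
    owner=$(stat -c '%U:%G' "$dev")
    result=$(verdict "$mode")
    echo "$dev: mode=$mode owner=$owner -> $result"
    [ "$result" != "world-writable" ]
}

# audit_all -> checks both devices; non-zero if any of them fails the audit.
audit_all() {
    rc=0
    for d in /dev/random /dev/urandom; do
        audit_dev "$d" || rc=1
    done
    return $rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_all
    exit $?
fi
```
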
