Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Mar 2013 15:54:15 +0400
From: gremlin@...mlin.ru
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode

On 13-Mar-2013 17:55:07 +0800, Pavel Labushev wrote:

 > http://lkml.indiana.edu/hypermail/linux/kernel/0012.2/0502.html

Yes, I've found that while investigating the possible impact. Also,
the random.c doesn't use the data directly, but instead hashes it.

But my opinion stays exactly the same: devices should be 0644, and
only trusted random data sources should be used to add entropy to
the pool via add_device_randomness(). For my own needs, I prefer a
$5 hardware RNG (consisting of ATtiny85 and LM393) plugged to USB,
or even several such devices working in parallel.

So, I'll just restrict the access to /dev/{,u}random locally :-)


-- 
Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net
GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.