oss-sec mailing list archives
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
From: Tim Brown <tmb () 65535 com>
Date: Wed, 13 Mar 2013 09:10:38 +0000
On Wednesday 13 Mar 2013 08:35:54 gremlin () gremlin ru wrote: *snip*
The obvious fix is to create these devices with mode 0644, so only root will be able to re-initialize the entropy pool.
On Debian at least:
/lib/udev/rules.d/91-permissions.rules:KERNEL=="random", MODE="0666"
/lib/udev/rules.d/91-permissions.rules:KERNEL=="urandom", MODE="0666"
Possibly, this even deserves a CVE to be assigned...
Tim
--
Tim Brown <mailto:tmb () 65535 com>