Bugtraq mailing list archives
Re: Tempfile vulnerabilities
From: berendi2 () WEBDESIGN HU (Peter Berendi)
Date: Tue, 8 Feb 2000 15:06:55 +0100
On Sat, 5 Feb 2000, antirez wrote:
Sure but there is another problem, while evil user exec 'cat /dev/random > /dev/null &' maybe that the following results in an infinite loop: while(there_are_enougt_entropy() == 0) sleep(1); /* race -- what if the evil user starts to deplate the entropy pool here? */ get_entropy_from_randomdev(); Can be so easy to DoS cryptographic software?
Because of this, crypto software should open /dev/random in blocking mode. random_fd = open("/dev/random", O_RDONLY); read(random_fd, &seed, sizeof(seed)); At least it will not stop, but progress very slowly. I became curious, and straced my ssh client (1.2.26, debian/slink) while running cat /dev/random >/dev/null. I saw open("/dev/random", O_RDONLY) = 5 fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 read(5, 0xbfffcdfc, 32) = -1 EAGAIN (Resource temporarily unavailable) three times in the strace output, none were successful. Interesting, since I never ran ssh as root before (now needed for strace), therefore I didn't even have a .ssh/random_seed file. I think it should at least complain and request confirmation. -- PLESR | This great thing can be swallowed, WRTED | But can also swallow us. SHALT CAOAY
Current thread:
- Re: Tempfile vulnerabilities, (continued)
- Re: Tempfile vulnerabilities Chris Cappuccio (Feb 03)
- Cross Site Scripting security issue Robert Zilbauer (Feb 02)
- Re: Tempfile vulnerabilities Len Budney (Feb 03)
- Re: Tempfile vulnerabilities antirez (Feb 05)
- Re: Tempfile vulnerabilities Ian Turner (Feb 07)
- Re: Tempfile vulnerabilities Seth David Schoen (Feb 07)
- Remote access vulnerability in all MySQL server versions Robert van der Meulen (Feb 08)
- don't run random "exploit" code Marc Slemko (Feb 08)
- cookies - nothing new Steven Champeon (Feb 07)
- Re: cookies - nothing new MJE (Feb 08)
- Re: Tempfile vulnerabilities Peter Berendi (Feb 08)
- Re: Tempfile vulnerabilities Marc Lehmann (Feb 08)