Bugtraq mailing list archives
Re: Tempfile vulnerabilities
From: marc () GIMP ORG (Marc Lehmann)
Date: Wed, 9 Feb 2000 00:27:43 +0100
/dev/random -- a world readable device -- should do the following: cat /dev/random > /dev/null & Crypto software which uses those devices should be doing some kind of checking to make sure that they are getting at least good entropy. I
On Linux at least, the above is at most a denial of service attack, as /dev/random does not deliver any data when it runs out of entropy (and programs usually are prepared to wait for data on those devices for some time).

On Linux/x86, moving my mouse generates >400 bytes/s random data (this is currently specific to x86), and if two processes listen on /dev/random, both get about half the random data, so it seems that there isn't even a denial of service attack here.

--
Marc Lehmann
pcg () opengroup org
XX11-RIPE
The choice of a GNU generation
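An added example, not part of the original message: a reader that treats a drained /dev/random as the stall described above, waiting up to a deadline and then failing closed rather than continuing with fewer bytes. The names `read_entropy` and `get_key` and the caller-chosen timeout are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <time.h>
#include <unistd.h>

static long now_ms(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Read exactly len bytes from fd, waiting at most timeout_ms in total.
 * Returns bytes obtained; fewer than len means the source stalled or failed. */
size_t read_entropy(int fd, unsigned char *buf, size_t len, int timeout_ms)
{
    size_t got = 0;
    long deadline = now_ms() + timeout_ms;
    while (got < len) {
        long left = deadline - now_ms();
        if (left <= 0) break;                        /* deadline passed */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int r = poll(&p, 1, (int)left);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) break;                           /* timeout or poll error */
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && (errno == EINTR || errno == EAGAIN)) continue;
        if (n <= 0) break;                           /* EOF or hard error */
        got += (size_t)n;
    }
    return got;
}

/* Fill key from /dev/random or report failure; never substitute weaker data. */
int get_key(unsigned char *key, size_t len, int timeout_ms)
{
    int fd = open("/dev/random", O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    size_t got = read_entropy(fd, key, len, timeout_ms);
    close(fd);
    return got == len ? 0 : -1;
}
```

A short read is reported to the caller as an error, so a process draining the device can delay key generation but cannot cause a key to be built from partial data.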