oss-sec mailing list archives
Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode
From: gremlin () gremlin ru
Date: Wed, 13 Mar 2013 15:54:15 +0400
On 13-Mar-2013 17:55:07 +0800, Pavel Labushev wrote:
http://lkml.indiana.edu/hypermail/linux/kernel/0012.2/0502.html
Yes, I've found that while investigating the possible impact. Also, the random.c doesn't use the data directly, but instead hashes it. But my opinion stays exactly the same: devices should be 0644, and only trusted random data sources should be used to add entropy to the pool via add_device_randomness(). For my own needs, I prefer a $5 hardware RNG (consisting of ATtiny85 and LM393) plugged to USB, or even several such devices working in parallel. So, I'll just restrict the access to /dev/{,u}random locally :-) -- Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> GPG key ID: 0xEF3B1FA8, keyserver: hkp://subkeys.pgp.net GPG key fingerprint: 8832 FE9F A791 F796 8AC9 6E4E 909D AC45 EF3B 1FA8
Current thread:
- Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Tim Brown (Mar 13)
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Eduardo Tongson (Mar 13)
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Pavel Labushev (Mar 13)
- <Possible follow-ups>
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode Kurt Seifried (Mar 14)
- Re: Linux kernel + devtmpfs automount == insecure /dev/{,u}random mode gremlin (Mar 13)