oss-sec mailing list archives
Re: CVE request: libressl before 2.0.2 under linux PRNG failure
From: Rich Felker <dalias () libc org>
Date: Thu, 17 Jul 2014 13:58:13 -0400
On Wed, Jul 16, 2014 at 11:13:44AM +0200, Hanno Böck wrote:
Hi, This has made the news lately: https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux Should get a CVE. Affected is portable libressl 2.0.0 and 2.0.1 on Linux. 2.0.2 has been released: https://marc.info/?l=openbsd-tech&m=140548206911600&w=2 Under certain conditions forking a process can create repeated random numbers. LibreSSL 2.0.2 contains a workaround, although the reporter of this issue thinks this may not be the best approach. Please assign CVE.
I'm skeptical of assigning a CVE for this. The case in which repeated random numbers could happen is not a typical or even reasonably-safe usage case. Fork without exec is already a risky usage pattern for several reasons: - In programs which use arbitrary libraries including some which may be internally multi-threaded, it may invoke undefined behavior. (Behavior is undefined if the forked child of a multi-threaded process calls any non-async-signal-safe function before a successful exec, per POSIX.) - In general, it exposes the address space layout and all data from the parent (rather than just data the child actually needs) to the child, greatly increasing the risk of leaking this information. The only typical usage case I'm aware of that involves SSL and fork without exec is a service that forks a child for each connection. This normally does not involve grandchild processes without exec, nor does it involve the main service process exiting, which would be necessary in order for the pid to be re-assigned. Also, it's likely that such service processes run in their own process group, in which case it's impossible for the pid to be re-assigned even if the main serice process dies. In addition, the versions of libressl that fixed this issue added new, possibly worse issues at the same time. See: http://port70.net/~nsz/47_arc4random.html Rich
Current thread:
- CVE request: libressl before 2.0.2 under linux PRNG failure Hanno Böck (Jul 16)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 30)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 31)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Aug 06)
- Re: Re: CVE request: libressl before 2.0.2 under linux PRNG failure Stuart Henderson (Jul 18)
- Re: CVE request: libressl before 2.0.2 under linux PRNG failure cve-assign (Jul 16)