2001-10-19 21:22:51

by Jacques Gelinas

Subject: Is writing to /dev/random a security flaw (vserver project)

I have announced a project (see my signature) to run several virtual servers
on a single box (single kernel as well). The vservers are real Linux distributions
running in a chroot/chbind/chcontext and capability-limited environment.

While looking at the kernel we found out that writing to /dev/random is
not controlled by any capability. We are providing a /dev/random in
the vservers with permission 644, so it can be used.

Is this a security issue if an administrator of a vserver is allowed to write
to /dev/random?

Looking at the source, it seems that it just increases the entropy and should
not be an issue. I am no expert in randomness.

If this is an issue, then a capability must exist to limit that (CAP_SYS_ADMIN
I guess).

Thanks!

---------------------------------------------------------
Jacques Gelinas <[email protected]>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc


2001-10-19 21:36:22

by Chris Friesen

Subject: Re: Is writing to /dev/random a security flaw (vserver project)

Jacques Gelinas wrote:
>
> I have announced a project (see my signature) to run several virtual servers
> on a single box (single kernel as well). The vservers are real Linux distributions
> running in a chroot/chbind/chcontext and capability-limited environment.
>
> While looking at the kernel we found out that writing to /dev/random is
> not controlled by any capability. We are providing a /dev/random in
> the vservers with permission 644, so it can be used.
>
> Is this a security issue if an administrator of a vserver is allowed to write
> to /dev/random?

My understanding is that anything written to /dev/random is stirred into the
pool without incrementing the entropy count. Thus, it shouldn't be an issue.

Chris

--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: [email protected]

2001-10-20 00:26:37

by daw

Subject: Re: Is writing to /dev/random a security flaw (vserver project)

Jacques Gelinas wrote:
>Is this a security issue if an administrator of a vserver is allowed to write
>to /dev/random?

If you're talking about write(2), it should be safe, since the entropy
count is not affected. If you're talking about doing an ioctl(2) on
/dev/random, this is risky (since root can modify the entropy counter),
but it looks like all those code paths are protected by a capability
check, so my guess is that you're probably ok here, too.
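A probe added to this thread (not code from any of the posters or from the vserver project) that checks the two claims above on a running kernel: write(2) to /dev/random is gated only by the device's file mode, while crediting the entropy counter through the RNDADDTOENTCNT ioctl is refused with EPERM unless the caller holds CAP_SYS_ADMIN. The ioctl request numbers assume the x86/arm64 encoding of <linux/random.h>; on current kernels the entropy estimate is a fixed value, so "before" and "after" will simply match.

```python
"""Probe how /dev/random treats an unprivileged write(2) versus an entropy-credit ioctl(2)."""
import errno
import fcntl
import os
import struct

# Request numbers from <linux/random.h> as encoded on x86 and arm64:
#   RNDGETENTCNT   = _IOR('R', 0x00, int): read the pool's entropy estimate (unprivileged)
#   RNDADDTOENTCNT = _IOW('R', 0x01, int): credit N bits of entropy (needs CAP_SYS_ADMIN)
RNDGETENTCNT = 0x80045200
RNDADDTOENTCNT = 0x40045201
# Constructed sample input: anything written is mixed into the pool but never credited.
SAMPLE_INPUT = b"constructed sample bytes, not a secret"

def entropy_count(fd):
    """Kernel's current entropy estimate via RNDGETENTCNT, or None if the ioctl fails."""
    buf = bytearray(4)
    try:
        fcntl.ioctl(fd, RNDGETENTCNT, buf)
    except OSError:
        return None
    return struct.unpack("i", buf)[0]

def probe_dev_random(path="/dev/random", credit_bits=64):
    """Write to the device, then try to credit entropy; ioctl_errno is 0 on success, EPERM if refused."""
    result = {"open_errno": None, "write_ok": False, "before": None, "after": None, "ioctl_errno": None}
    try:
        fd = os.open(path, os.O_RDWR)
    except PermissionError:
        fd = os.open(path, os.O_RDONLY)  # no write permission; ioctls still exercise the capability check
    except OSError as e:
        result["open_errno"] = e.errno  # device absent or otherwise unusable
        return result
    try:
        result["before"] = entropy_count(fd)
        try:
            os.write(fd, SAMPLE_INPUT)  # allowed by file mode alone, no capability involved
            result["write_ok"] = True
        except OSError:
            pass  # EBADF on a read-only descriptor
        result["after"] = entropy_count(fd)
        try:
            fcntl.ioctl(fd, RNDADDTOENTCNT, struct.pack("i", credit_bits))
            result["ioctl_errno"] = 0  # only reachable with CAP_SYS_ADMIN
        except OSError as e:
            result["ioctl_errno"] = e.errno  # EPERM: the kernel's capability check refused it
    finally:
        os.close(fd)
    return result
```

Run `probe_dev_random()` as an unprivileged user inside a vserver-style container and as root on the host to see the two outcomes side by side.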