Received: by 10.192.165.148 with SMTP id m20csp89107imm;
        Tue, 1 May 2018 18:12:00 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZrYYUNTR7iFFBAjKaNdF+N/Pm1P1Qs2StpUHLcYgCXa+0iCeFq/HwSdEc+/YYpvAz7bkzkb
X-Received: by 2002:a65:4a02:: with SMTP id s2-v6mr14421663pgq.265.1525223520855;
        Tue, 01 May 2018 18:12:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525223520; cv=none;
        d=google.com; s=arc-20160816;
        b=KSqxnzRvy8K5OS3/D12xVyAEZIWtR99iyxPlSGjOMGBNkKLn/cQXpuVlGi1gQvSrwE
         S6P/WgSqlSi248cBk9xrt3kh1YI+CPqHYPoglw4LXNgxPCrtYJR1YrOlT+kz/WxjwzSI
         MyKPgzK1wkB5JcpRfOoqEk+jH18tE7fIqCQp9+NjA6uZpj6nrqSjt5El3NZKNFjKlxDX
         xJCWG4TlhsNrbtEVDG/LiqxefcvkedwnFQ+c34UBcYw1OockX9/VGyNtH2Dl0f/l+m6M
         KR23bcPIoq0yF2ba/2Wvt3Yntg+bsJL+gxmws9vSE1ejaTPcG/bSd5h/QLKZNlw3qmLd
         +80Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:to
         :from:date:dkim-signature:arc-authentication-results;
        bh=2iPGSNV/0l4EQ7hQcUTp+n01nau/d8KHNPVbC5zph9A=;
        b=hQsyTCPrQRMBvElV59jbEvyIYZIMpdVp3yu3WtR2LN//mXNzWdESN8zSF7OHkYg5LT
         imPk4PVfe1LzAKEn/2Bmms8FJ1URqZAt/gq8vEeEH6UZ7k6RDLMbxIiN9P9C7P25MEK0
         yPzcUVnboJFHtYsN2jYNTI7faTU/z6fMUhUeJyFvWMW9QVOEKIs/mUnp1OXc9eNdm4u4
         GJ87PgGPfmttOZEI6uBvCoE9CSxdNdVBY1GqhZEHGIKO35u9FLuJW4ToSyDvh1uWqmKw
         LyXYxXH1GH3jh+aW3BSjBMOHXzEbpp5aVdQ2f8KqI8Rog4sQdff/oE4BY0bU1Jq4MuRn
         3JQw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=o5Fo2Bfd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b6si10774083pfk.342.2018.05.01.18.11.46;
        Tue, 01 May 2018 18:12:00 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=o5Fo2Bfd;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751469AbeEBBLU (ORCPT
        <rfc822;paul.schmitz.hallo.parkuhr@gmail.com> + 99 others);
        Tue, 1 May 2018 21:11:20 -0400
Received: from mail-oi0-f65.google.com ([209.85.218.65]:40081 "EHLO
        mail-oi0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751283AbeEBBLP (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 May 2018 21:11:15 -0400
Received: by mail-oi0-f65.google.com with SMTP id c203-v6so11514371oib.7
        for <linux-kernel@vger.kernel.org>; Tue, 01 May 2018 18:11:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=2iPGSNV/0l4EQ7hQcUTp+n01nau/d8KHNPVbC5zph9A=;
        b=o5Fo2BfdqCZwCYXutkR4Q4Gh8gdpLKd+hH0PdVpQBsofvBjc0oz+WSJUfn6WP9buPV
         xyLJ2wUn77t0aGCUnSfFLfuPloZ07yRDkvKRtPRWW7o6wrQO1jznHlmMVOYL1AyXF+hX
         0uZg+ypk4CFzDHeRFNUbHofsSWJDlSB9YsV7+ZBRSckXfqhxN8Ou2Cgev6HUaLeedgaA
         6usk4kAUDJFyDUDQZabsi2jd4eZQSJoIFxTjcT0cAmCGcaUNIGbTiEbRqN/agdDtCzMy
         BoHSs8eoKx3FF/NCxLRazei3nDf1qv3Xz/DuM1OwcrfAeueCXSRIUchn0chFj6NAzOwj
         PmYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=2iPGSNV/0l4EQ7hQcUTp+n01nau/d8KHNPVbC5zph9A=;
        b=FOyqLA5GT/fpSlyRcBS4AqB9szCrKL1aoJIysBS0H9NqKSFtFxwDS6+4Oe1EV7pvbg
         8vRftADohipMG/kMjQ8HGLerXV89FOfBhQ2xM0AH+Q5P8w5q7/ZfeFT1KuPiBiRQHKpt
         r+SRb7/rRhQFTOltkj3AoRVOVQIGBCQIIh81golcC/8B1K1Fam18dEgnR4Pb+H1HY+k6
         Hn648PQ71V+8Aysr0sXJDgo0XVvGy2YRcllz1zk3AipURHcz+68f0PqnKAAFwiNrpe1d
         MY3LVJHrl+vvOrkNkXBIjpIm1jSGBdV209fZp58czfcYtRztbgOx5gXglqaOq7P8kEGz
         xGfA==
X-Gm-Message-State: ALQs6tAbU7dz88Ib/JDkNnAL9gKQIlekeO7MbKQPgIQmMSwu+YDxYjS4
        4PDORE6Uc5hNITFvpbUpoxI=
X-Received: by 2002:aca:afcc:: with SMTP id y195-v6mr11204871oie.83.1525223475184;
        Tue, 01 May 2018 18:11:15 -0700 (PDT)
Received: from sultan-box ([107.193.118.89])
        by smtp.gmail.com with ESMTPSA id l2-v6sm7445001otd.38.2018.05.01.18.11.13
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Tue, 01 May 2018 18:11:14 -0700 (PDT)
Date:   Tue, 1 May 2018 18:11:11 -0700
From:   Sultan Alsawaf <sultanxda@gmail.com>
To:     "Theodore Y. Ts'o" <tytso@mit.edu>,
        Justin Forbes <jmforbes@linuxtx.org>,
        Jeremy Cline <jeremy@jcline.org>, Pavel Machek <pavel@ucw.cz>,
        LKML <linux-kernel@vger.kernel.org>, Jann Horn <jannh@google.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`
Message-ID: <20180502011111.m2jtl7tvdq3h3nhc@sultan-box>
References: <20180429170541.lrzwyihrd6d75rql@sultan-box>
 <20180429184101.GA31156@amd>
 <20180429202033.ysmc42mj2rrk3h7p@sultan-box>
 <20180429220519.GQ5965@thunk.org>
 <01000163186628e6-3fe4abfc-eaaf-470c-90c8-2d8ad91db8f1-000000@email.amazonses.com>
 <CAFxkdAogN0S9vgQhKoO+Zpp07bXveDQYPLvwjULoTRv3Or83qQ@mail.gmail.com>
 <20180501125518.GI20585@thunk.org>
 <CAFxkdArLwrG8x6fNtLUfHedKrH_0d97V6UEzOCBgK8Shkir9pQ@mail.gmail.com>
 <20180502004317.kxwiu2oephgbi6ok@sultan-box>
 <20180502005604.GJ10479@thunk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20180502005604.GJ10479@thunk.org>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, May 01, 2018 at 08:56:04PM -0400, Theodore Y. Ts'o wrote:
> On Tue, May 01, 2018 at 05:43:17PM -0700, Sultan Alsawaf wrote:
> > 
> > I've attached what I think is a reasonable stopgap solution until this is
> > actually fixed. If you're willing to revert the CVE-2018-1108 patches
> > completely, then I don't think you'll mind using this patch in the meantime.
> 
> I would put it slightly differently; reverting the CVE-2018-1108
> patches is less dangerous than what you are proposing in your attached
> patch.
> 
> Again, I think the right answer is to fix userspace to not require
> cryptographic grade entropy during early system startup, and for
> people to *think* about what they are doing.  I've looked at the
> systemd's use of hmac in journal-authenticate, and as near as I can
> tell, there isn't any kind of explanation about why it was necessary,
> or what threat it was trying to protect against.
> 
> 						- Ted

Why is /dev/urandom so much more dangerous than /dev/random? The
more I search, the more I see that many sources consider /dev/urandom
to be cryptographically secure... and since I hold down a single key on
the keyboard to make my computer boot without any kernel workarounds,
I'm sure the NSA would eventually notice my predictable behavior and get
their hands on my Richard Stallman photos.

Fixing all the "broken" userspace instances of entropy usage during early
system startup is a tall order. What about barebone machines used as
remote servers? I feel like just "fixing userspace" isn't going to cover
all of the usecases that the CVE-2018-1108 patches broke.

Sultan