Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758922AbXLTURV (ORCPT ); Thu, 20 Dec 2007 15:17:21 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1753529AbXLTURM (ORCPT ); Thu, 20 Dec 2007 15:17:12 -0500 Received: from iriserv.iradimed.com ([72.242.190.170]:16943 "EHLO iradimed.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753342AbXLTURL (ORCPT ); Thu, 20 Dec 2007 15:17:11 -0500 Message-ID: <476ACDBE.2070600@cfl.rr.com> Date: Thu, 20 Dec 2007 15:17:02 -0500 From: Phillip Susi User-Agent: Thunderbird 2.0.0.9 (Windows/20071031) MIME-Version: 1.0 To: Andrew Lutomirski CC: Theodore Tso , David Newall , John Reiser , Matt Mackall , linux-kernel@vger.kernel.org, security@kernel.org Subject: Re: /dev/urandom uses uninit bytes, leaks user data References: <20071214201305.GL19691@waste.org> <20071214232322.GE17344@thunk.org> <47632010.6030709@BitWagon.com> <20071215043208.GF17344@thunk.org> <4766A40D.4080804@BitWagon.com> <20071217173623.GC7070@thunk.org> <476719E5.1010505@myrealbox.com> <2007121803053 In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 20 Dec 2007 20:17:19.0797 (UTC) FILETIME=[529E4E50:01C84345] X-TM-AS-Product-Ver: SMEX-7.5.0.1243-5.0.1023-15618.001 X-TM-AS-Result: No--12.240700-5.000000-31 X-TM-AS-User-Approved-Sender: No X-TM-AS-User-Blocked-Sender: No Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 936 Lines: 21 Andrew Lutomirski wrote: > I understand that there's no way that /dev/random can provide good > output if there's insufficient entropy. But it still shouldn't leak > arbitrary bits of user data that were never meant to be put into the > pool at all. It doesn't leak it though, it consumes it, and it then vanishes into the entropy pool, never to be seen again. > Step 1: Boot a system without a usable entropy source. > Step 2: add some (predictable) "entropy" from userspace which isn't a > multiple of 4, so up to three extra bytes get added. > Step 3: Read a few bytes of /dev/random and send them over the network. Only root can do 1 and 2, at which point, it's already game over. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/