Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp2890968ybe; Sun, 15 Sep 2019 03:04:02 -0700 (PDT) X-Google-Smtp-Source: APXvYqzNAovPKMndwiKWv2nevCOJpRcERlt9wnxFXZW7D0rJmXvmHYvs3BMWQqvUDNdbh18MXluy X-Received: by 2002:a50:c351:: with SMTP id q17mr18770255edb.123.1568541842840; Sun, 15 Sep 2019 03:04:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1568541842; cv=none; d=google.com; s=arc-20160816; b=On1uDaDMExK/G+HmKJSm864aPfVQwsr2lEpz8pvygViyecOEUWFGxhMuINCpc69Aky 6IQj5NyGbzf6OtnuTGgfNMxEAg7/ilbpITXXVv1o3lxPeZ2eBHSQDJrjyVwiWkJnWkLk n8Mz8yCcogfx44LoLH3hpaTiSTJ5S6W5C6R6q/S5eQBI+w+LQyRaTP6g1hzTC04AGQE5 E6w7W/F9dtChx4eMzWX11/2HJD4OhLJt+2//IcV762f8kOtgrR6TlGWNxbmwEWs+Pes1 4yh23eC3xg9HLPS9G7LQTAudTbN7C+OOlxyGH847ZmdIfysCzUpM4qrP1pH1akakjZNq HqdA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=Lq/56+aWk8HZUKxvrJKXQrsRwTL+BrL6ITyZ6xEfBMU=; b=DLEVHlh7lHlixM2M7jaWvaOnA83LD+zVng4wG7Nk8/8zvtxKkwXU3s0iEfg3f+L3JU CWfIy56j8J8ZclBNBPa1uz4Xptv2xOWvRhDaQphRYCceK2Yy5e+DOlzB0czLz/Tnuscl Xy98MlAzfMvujs7wgzX2YmneARyXJZW0XR8HvXyvvkiuz0iR09G3ralna2rtzPifmLA0 EDzKIuLnfeA/YNhtTxLwtgQJlzAd6V0d37hKDkP7N8Oq7C8nIPZ9sRFmw7kyIBVt2jhc DDfr6LFM41qHxUgku9qmBtAJoPEEsRbtrT43vz4jO6xHa899wUIwpKC/mtOUqF0hbj8n GzFg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=eTMplotU; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h19si2960530ejd.142.2019.09.15.03.03.32; Sun, 15 Sep 2019 03:04:02 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=eTMplotU; spf=pass (google.com: best guess record for domain of linux-ext4-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726247AbfIOKCL (ORCPT + 99 others); Sun, 15 Sep 2019 06:02:11 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:41575 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726246AbfIOKCL (ORCPT ); Sun, 15 Sep 2019 06:02:11 -0400 Received: by mail-wr1-f66.google.com with SMTP id h7so34941678wrw.8; Sun, 15 Sep 2019 03:02:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=Lq/56+aWk8HZUKxvrJKXQrsRwTL+BrL6ITyZ6xEfBMU=; b=eTMplotUWxXR9+xdOydd7k/YYG1wMf4xowk3fBBO8Ad14YiO1v+93eKKoF753Adt2z FEXDYuULX2VBu7So2FATETLh9YyXhoysnWaLTOdrXiUHmjTCSiGJxT4YOc7aRQtk+0x1 pJqpeu5taDtt43YRbUYe+knsiMEknUQf48uMoek0wCmXOA1ke29GscFEhpssj293Qil8 naBMZvXETS7av/1ZR05puMfen/j4Mhyk7NQ1NlqyJOO0TIL/RNGDWTpF203vp9VV52N1 HcC5ntSeXkuce2nEkiJarPdv4sCuB/bL9vaDKAFr3TYaXqDu9bsQ8rtYRl8cjF+c+5AC GXKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=Lq/56+aWk8HZUKxvrJKXQrsRwTL+BrL6ITyZ6xEfBMU=; b=d7pPg68yOLbZwgGj23isnWUzr9lo6qcDwiXylaPbrbePm757h2RqyXpBaO0iu/vNmZ E/v2KG0kNeHglvpuaS9LtuVJNWNUlvvFN8gyBbclT0XL/MnBE9zMV8yqOeovB33xwAY1 hHzKjG0ancW+NDV80mO3NUylfR3MhV0xtS75QHJSi/ougbaiCQUHPAkOg4MRJINqHx2Z iS2i+EwRnr86S6Oye2KPCB0HWo2ZGwex2vlMtArz2kaE0AlnAPvdy4Cxlr8SuqMUwveo cOS//3dVg7j2QlycIUR0wksVdaTzwTy5okp8HxnEgSGwvdMHZHeWQgBWSDXMLKL9rkdQ ujgQ== X-Gm-Message-State: APjAAAVNIyzXqU8dSHU0y7aOsGCO4aPjLpss7tQAJ8HK7wjrQxdejdxx wPBHGA8C2S6dkhHdfRDOISE= X-Received: by 2002:a05:6000:10c2:: with SMTP id b2mr27798625wrx.45.1568541727973; Sun, 15 Sep 2019 03:02:07 -0700 (PDT) Received: from darwi-home-pc (p200300D06F2D1401AF0812D8DEE03BEC.dip0.t-ipconnect.de. [2003:d0:6f2d:1401:af08:12d8:dee0:3bec]) by smtp.gmail.com with ESMTPSA id w4sm5668769wrv.66.2019.09.15.03.02.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 15 Sep 2019 03:02:07 -0700 (PDT) Date: Sun, 15 Sep 2019 12:02:01 +0200 From: "Ahmed S. Darwish" To: Willy Tarreau Cc: Lennart Poettering , "Theodore Y. Ts'o" , Linus Torvalds , "Alexander E. Patrakov" , Michael Kerrisk , Andreas Dilger , Jan Kara , Ray Strode , William Jon McCann , zhangjs , linux-ext4@vger.kernel.org, lkml Subject: Re: [PATCH RFC v3] random: getrandom(2): optionally block when CRNG is uninitialized Message-ID: <20190915100201.GA2663@darwi-home-pc> References: <20190911173624.GI2740@mit.edu> <20190912034421.GA2085@darwi-home-pc> <20190912082530.GA27365@mit.edu> <20190914122500.GA1425@darwi-home-pc> <008f17bc-102b-e762-a17c-e2766d48f515@gmail.com> <20190915052242.GG19710@mit.edu> <20190915081747.GA1058@darwi-home-pc> <20190915085907.GC29771@gardel-login> <20190915093057.GF20811@1wt.eu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190915093057.GF20811@1wt.eu> User-Agent: Mutt/1.12.1 (2019-06-15) Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org On Sun, Sep 15, 2019 at 11:30:57AM +0200, Willy Tarreau wrote: > On Sun, Sep 15, 2019 at 10:59:07AM +0200, Lennart Poettering wrote: > > We live in a world where people run HTTPS, SSH, and all that stuff in > > the initrd already. It's where SSH host keys are generated, and plenty > > session keys. > > It is exactly the type of crap that create this situation : making > people developing such scripts believe that any random source was OK > to generate these, and as such forcing urandom to produce crypto-solid > randoms! Willy, let's tone it down please... the thread is already getting a bit toxic. > No, distro developers must know that it's not acceptable to > generate lifetime crypto keys from the early boot when no entropy is > available. At least with this change they will get an error returned > from getrandom() and will be able to ask the user to feed entropy, or > be able to say "it was impossible to generate the SSH key right now, > the daemon will only be started once it's possible", or "the SSH key > we produced will not be saved because it's not safe and is only usable > for this recovery session". > > > If Linux lets all that stuff run with awful entropy then > > you pretend things where secure while they actually aren't. It's much > > better to fail loudly in that case, I am sure. > > This is precisely what this change permits : fail instead of block > by default, and let applications decide based on the use case. > Unfortunately, not exactly. Linus didn't want getrandom to return an error code / "to fail" in that case, but to silently return CRNG-uninitialized /dev/urandom data, to avoid user-space even working around the error code through busy-loops. I understand the rationale behind that, of course, and this is what I've done so far in the V3 RFC. Nonetheless, this _will_, for example, make systemd-random-seed(8) save week seeds under /var/lib/systemd/random-seed, since the kernel didn't inform it about such weakness at all.. The situation is so bad now, that it's more of "some user-space are more equal than others".. Let's just at least admit this while discussing the RFC patch in question. thanks, > > Quite frankly, I don't think this is something to fix in the > > kernel. > > As long as it offers a single API to return randoms, and that it is > not possible not to block for low-quality randoms, it needs to be > at least addressed there. Then userspace can adapt. For now userspace > does not have this option just due to the kernel's way of exposing > randoms. > > Willy