Date: Tue, 17 Sep 2019 18:21:37 +0200
From: Willy Tarreau
To: Lennart Poettering
Cc: "Theodore Y. Ts'o", Matthew Garrett, Linus Torvalds, "Ahmed S. Darwish", Vito Caputo, Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann, "Alexander E. Patrakov", zhangjs, linux-ext4@vger.kernel.org, lkml
Subject: Re: Linux 5.3-rc8
Message-ID: <20190917162137.GA27921@1wt.eu>
In-Reply-To: <20190917155743.GB31567@gardel-login>
References: <20190917052438.GA26923@1wt.eu> <2508489.jOnZlRuxVn@merkaba> <20190917121156.GC6762@mit.edu> <20190917155743.GB31567@gardel-login>
X-Mailing-List: linux-ext4@vger.kernel.org

On Tue, Sep 17, 2019 at 05:57:43PM +0200, Lennart Poettering wrote:
> Note that calling getrandom(0) "too early" is not something people do
> on purpose. It happens by accident, i.e. because we live in a world
> where SSH or HTTPS or so is run in the initrd already, and in a world
> where booting sometimes can be very very fast.

It's not an accident, it's a lack of understanding of the impacts from the people who package the systems. Generating an SSH key from an initramfs without thinking where the randomness used for this could come from is not accidental, it's a lack of experience that will be fixed once they start to collect such reports. And those who absolutely need their SSH daemon or HTTPS server for a recovery image in initramfs can very well feed fake entropy by dumping whatever they want into /dev/random to make it possible to build temporary keys for use within this single session. At least all supposedly incorrect use will be made *on purpose* and will still be possible to match what users need.

> So even if you write a
> program and you think "this stuff should run late I'll just
> getrandom(0)" it might not actually be that case IRL because people
> deploy it a slight bit differently than you initially thought in a
> slightly differently equipped system with other runtime behaviour...

I agree with this; it's precisely because I think we should not restrict userspace capabilities that I want the issue addressed in a way that lets users do what they need instead of relying on dangerous workarounds. Just googling for "mknod /dev/random c 1 9" returns tens, maybe hundreds of pages all explaining how to fix the problem of non-booting systems. It simply proves that the kernel is not the place to decide what users are allowed to do. Let's give them the tools to work correctly and be responsible for their choices. They just need to be hit by bad choices to get some feedback from the field other than a new list of well-known SSH keys.

Willy
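As an added example (not code from the thread or from any of its participants), here is how a program that needs a long-lived key could probe the pool with GRND_NONBLOCK and defer key generation when the CRNG is not yet seeded, instead of blocking in getrandom(0) or remapping /dev/random. It assumes Linux with glibc 2.25 or later; the function names are mine.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <string.h>
#include <sys/random.h>

/* Probe the pool without blocking: 1 = CRNG seeded, 0 = not yet seeded
 * (EAGAIN), -1 = other error (errno left set). Assumed helper name. */
int crng_ready(void)
{
    unsigned char probe;
    ssize_t n = getrandom(&probe, sizeof probe, GRND_NONBLOCK);
    if (n == (ssize_t)sizeof probe)
        return 1;
    return (n < 0 && errno == EAGAIN) ? 0 : -1;
}

/* Fill buf with len bytes, retrying on EINTR and short reads. With flags == 0
 * this is the getrandom(0) call that blocks "too early". 0 = ok, -1 = error. */
int fill_random(unsigned char *buf, size_t len, unsigned int flags)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, flags);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Policy: produce a long-lived key (e.g. an SSH host key) only once the pool
 * is seeded. Returns 0 (key filled), 1 (defer: not seeded yet), -1 (error). */
int try_long_lived_key(unsigned char *key, size_t len)
{
    int r = crng_ready();
    if (r != 1)
        return r == 0 ? 1 : -1;
    return fill_random(key, len, 0);
}

/* Self-check: two independent 32-byte draws must differ. */
int distinct_draws(void)
{
    unsigned char a[32], b[32];
    if (fill_random(a, sizeof a, 0) || fill_random(b, sizeof b, 0))
        return 0;
    return memcmp(a, b, sizeof a) != 0;
}
```

A daemon started from an initramfs would call try_long_lived_key() and, on a return of 1, log that the pool is not seeded and retry later rather than silently producing a key from an unseeded generator.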