Date: Tue, 17 Sep 2019 19:13:28 +0200
From: Lennart Poettering
To: Willy Tarreau
Cc: "Theodore Y. Ts'o", Matthew Garrett, Linus Torvalds, "Ahmed S. Darwish", Vito Caputo, Andreas Dilger, Jan Kara, Ray Strode, William Jon McCann, "Alexander E. Patrakov", zhangjs, linux-ext4@vger.kernel.org, lkml
Subject: Re: Linux 5.3-rc8

On Tue, 17.09.19 18:21, Willy Tarreau (w@1wt.eu) wrote:

> On Tue, Sep 17, 2019 at 05:57:43PM +0200, Lennart Poettering wrote:
> > Note that calling getrandom(0) "too early" is not something people do
> > on purpose. It happens by accident, i.e. because we live in a world
> > where SSH or HTTPS or so is run in the initrd already, and in a world
> > where booting sometimes can be very very fast.
>
> It's not an accident, it's a lack of understanding of the impacts
> from the people who package the systems. Generating an SSH key from
> an initramfs without thinking where the randomness used for this could
> come from is not accidental, it's a lack of experience that will be
> fixed once they start to collect such reports. And those who absolutely
> need their SSH daemon or HTTPS server for a recovery image in initramfs
> can very well feed fake entropy by dumping whatever they want into
> /dev/random to make it possible to build temporary keys for use within
> this single session. At least all supposedly incorrect use will be made
> *on purpose* and will still be possible to match what users need.

What do you expect these systems to do though?

I mean, think about general purpose distros: they put together live
images that are supposed to work on a myriad of similar (as in: same
arch) but otherwise very different systems (i.e. VMs that might lack
any form of RNG source the same as beefy servers with multiple sources
the same as older netbooks with few and crappy sources, …). They can't
know what the specific hw will provide or won't. It's not their
incompetence that they build the image like that. It's a common, very
common use case to install a system via SSH, and it's also very common
to have very generic images for a large number of varied systems to run
on.

Lennart

--
Lennart Poettering, Berlin
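
An added example, not part of the original message or of any code from the thread: the "too early" getrandom(0) call discussed above blocks until the kernel pool is initialized, whereas the same call with GRND_NONBLOCK fails with EAGAIN, so a program running from an initrd can detect the condition and defer key generation. The names seed_state, classify and try_fill_key are illustrative assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/types.h>

enum seed_state { POOL_READY, POOL_NOT_SEEDED, POOL_ERROR };

/* Map one getrandom() result to a decision. Kept pure so the mapping can
 * be checked without controlling the kernel's actual pool state. */
enum seed_state classify(ssize_t n, int err, size_t want)
{
    if (n == (ssize_t)want)
        return POOL_READY;
    if (n < 0 && err == EAGAIN)   /* GRND_NONBLOCK set, pool not initialized */
        return POOL_NOT_SEEDED;
    return POOL_ERROR;            /* ENOSYS, EINTR, short read, ... */
}

/* Hypothetical helper: fill key[] only if the pool is already initialized,
 * instead of blocking the boot the way getrandom(buf, len, 0) would. */
enum seed_state try_fill_key(unsigned char *key, size_t len)
{
    ssize_t n = getrandom(key, len, GRND_NONBLOCK);
    return classify(n, errno, len);
}

int main(void)
{
    unsigned char key[32];

    switch (try_fill_key(key, sizeof key)) {
    case POOL_READY:
        puts("pool initialized: key material filled");
        return 0;
    case POOL_NOT_SEEDED:
        /* Early boot: postpone host-key generation rather than block. */
        puts("pool not initialized yet: defer key generation");
        return 2;
    default:
        perror("getrandom");
        return 1;
    }
}
```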