Subject: Re: Tempfile vulnerabilities
From: Peter Berendi (berendi2 WEBDESIGN.HU)
Date: Tue Feb 08 2000 - 08:06:55 CST
- In reply to: antirez: "Re: Tempfile vulnerabilities"
- Next in thread: Marc Lehmann: "Re: Tempfile vulnerabilities"
- Reply: Peter Berendi: "Re: Tempfile vulnerabilities"
On Sat, 5 Feb 2000, antirez wrote:
> Sure but there is another problem, while evil user exec 'cat /dev/random >
> /dev/null &' maybe that the following results in an infinite loop:
>
> while(there_are_enough_entropy() == 0)
>     sleep(1);
> /* race -- what if the evil user starts to deplete the entropy pool here? */
> get_entropy_from_randomdev();
>
> Can be so easy to DoS cryptographic software?

Because of this, crypto software should open /dev/random in blocking mode.

    random_fd = open("/dev/random", O_RDONLY);
    read(random_fd, &seed, sizeof(seed));

At least it will not stop, but progress very slowly.

I became curious, and straced my ssh client (1.2.26, debian/slink) while
running cat /dev/random >/dev/null. I saw

    open("/dev/random", O_RDONLY) = 5
    fcntl(5, F_SETFL, O_RDONLY|O_NONBLOCK) = 0
    read(5, 0xbfffcdfc, 32) = -1 EAGAIN (Resource temporarily unavailable)

three times in the strace output, none were successful. Interesting, since
I never ran ssh as root before (now needed for strace), therefore I didn't
even have a .ssh/random_seed file. I think it should at least complain and
request confirmation.
-- PLESR | This great thing can be swallowed, WRTED | But can also swallow us. SHALT CAOAY
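
Added example, not part of the original message and not code from ssh: a seed reader that treats the EAGAIN seen in the strace above, and a partial read, as hard failures instead of continuing unseeded. The names read_full and try_seed are hypothetical, and a non-blocking pipe preloaded with constructed bytes stands in for a drained /dev/random so the example runs anywhere.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Read exactly len bytes from fd. Returns 0 on success, -1 with errno set.
 * A short read is retried, never accepted as a complete seed. */
int read_full(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n > 0) { p += n; len -= (size_t)n; continue; }
        if (n == 0) { errno = EIO; return -1; }  /* EOF: source went away */
        if (errno == EINTR) continue;            /* interrupted: retry */
        return -1;   /* includes EAGAIN from a drained O_NONBLOCK source */
    }
    return 0;
}

/* Constructed stand-in for /dev/random opened O_NONBLOCK with `avail`
 * bytes of entropy left: a non-blocking pipe preloaded with that many
 * bytes. Returns 0 if `want` bytes were read, else the errno reported. */
int try_seed(size_t avail, unsigned char *seed, size_t want)
{
    unsigned char filler[64];
    int p[2], err = 0;
    if (avail > sizeof filler || pipe(p) != 0) return EINVAL;
    memset(filler, 0xA5, sizeof filler);         /* constructed sample bytes */
    fcntl(p[0], F_SETFL, O_NONBLOCK);
    if (avail > 0 && write(p[1], filler, avail) != (ssize_t)avail) err = EIO;
    if (err == 0 && read_full(p[0], seed, want) != 0) err = errno;
    close(p[0]); close(p[1]);
    return err;
}

int main(void)
{
    unsigned char seed[32];
    size_t cases[] = { 0, 16, 32 };
    for (size_t i = 0; i < 3; i++) {
        int err = try_seed(cases[i], seed, sizeof seed);
        printf("%2zu bytes available: %s\n", cases[i],
               err ? strerror(err) : "seed complete");
        /* a real caller must stop or ask the user here, not carry on */
    }
    return 0;
}
```

With the descriptor left in blocking mode, as the message recommends, the same read_full loop simply waits for the remaining bytes instead of returning EAGAIN.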