Re: Want to help fix xdm on MIPS

To: debian-x@lists.debian.org
Subject: Re: Want to help fix xdm on MIPS
From: Branden Robinson <branden@debian.org>
Date: Sun, 18 Aug 2002 18:59:03 -0500
Message-id: <[🔎] 20020818235903.GH10542@deadbeast.net>
Mail-followup-to: debian-x@lists.debian.org
In-reply-to: <[🔎] 20020818224525.A2988@gandalf.physik.uni-konstanz.de>
References: <[🔎] 20020812092317.GC16164@bogon.ms20.nix> <[🔎] 20020812113904.77699d03.mike@overlord.linux-dude.com> <[🔎] 20020812181512.A30717@gandalf.physik.uni-konstanz.de> <[🔎] 20020812123511.1b79f014.mike@overlord.linux-dude.com> <[🔎] 20020812215521.A10163@gandalf.physik.uni-konstanz.de> <[🔎] 20020818032118.GT1575@deadbeast.net> <[🔎] 20020818224525.A2988@gandalf.physik.uni-konstanz.de>

On Sun, Aug 18, 2002 at 10:45:25PM +0200, Guido Guenther wrote:
> On Sat, Aug 17, 2002 at 10:21:18PM -0500, Branden Robinson wrote:
> > Edit xc/programs/xdm/Imakefile to:
> > * add DEV_RANDOM to the defines passed to the compiler ifdef
> >   LinuxArchitecture
> > * add ArmArchitecture, IA64Architecture, and MipsArchitecture to the
> >   list to the list for those for which FRAGILE_DEV_MEM is defined
> >   (will this actually solve the problem even in the absence of the prior
> >   fix?)
> FRAGILE_DEV_MEM just skips the first MB of memory. This is unlikely to
> be o.k. for a all architectures.

Hmph.  So we either need to come up with a solution for each
architecture where linear reads from /dev/mem into the stratosphere
cause problems, or we need to use something other than /dev/mem
altogether.

As it happens, the second patch above is going into 0pre1v3 because I
want to see if helps *any* of the architectures.

> > What do you guys think?  These #defines only affect genauth.c.
> So we set "#define DEV_RANEOM /dev/urandom"? Does this have an impact on
> security?

I'm not aware of any security implications of reading from /dev/urandom
that aren't already discussed in random(4).  It certainly seems safer to
me than reading from /dev/mem!

(Though, to be fair, I cannot see any way to get xdm to read and return
information from /dev/mem without hacking the source.)

Xdm doesn't need that much data, though (note that it only reads gobs of
data in the #ifndef DEV_RANDOM case; in other words, when it has a
non-entropic source).  I'm tempted to have it read from /dev/random and
get real entropy.  People's X sessions need as much security as we can
afford to give them, and helping to frustrate attacks on the
authorization key seems a responsible thing to do.

In the long run, I'd like to solve the arch-specific /dev/mem problem as
well, for the sake of a patch to be sent upstream for the benefit of the
poor folks who don't have systems with a /dev/{u,}random.

-- 
G. Branden Robinson                |    Build a fire for a man, and he'll
Debian GNU/Linux                   |    be warm for a day.  Set a man on
branden@debian.org                 |    fire, and he'll be warm for the
http://people.debian.org/~branden/ |    rest of his life. - Terry Pratchett

Attachment: pgp6Khgbin1i3.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: Want to help fix xdm on MIPS
  - From: Guido Guenther <agx@debian.org>

References:
- Re: Want to help fix xdm on MIPS
  - From: Guido Guenther <agx@debian.org>
- Re: Want to help fix xdm on MIPS
  - From: Mike Martin <mike@overlord.linux-dude.com>
- Re: Want to help fix xdm on MIPS
  - From: Guido Guenther <agx@debian.org>
- Re: Want to help fix xdm on MIPS
  - From: Mike Martin <mike@overlord.linux-dude.com>
- Re: Want to help fix xdm on MIPS
  - From: Guido Guenther <agx@debian.org>
- Re: Want to help fix xdm on MIPS
  - From: Branden Robinson <branden@debian.org>
- Re: Want to help fix xdm on MIPS
  - From: Guido Guenther <agx@debian.org>

Prev by Date: Re: Want to help fix xdm on MIPS
Next by Date: Re: Want to help fix xdm on MIPS
Previous by thread: Re: Want to help fix xdm on MIPS
Next by thread: Re: Want to help fix xdm on MIPS
Index(es):
- Date
- Thread