Re: SSP for Debian unstable. was Re: security enhanced debian branch?
On Mon, 5 Jan 2004 01:33, Jochen Voss <voss@seehuhn.de> wrote:
> On Sun, Jan 04, 2004 at 02:01:52PM +0100, Richard Atterer wrote:
> > But surely depleted entropy is only a concern for /dev/random, not
> > /dev/urandom? AFAIK, the latter uses a PRNG, which outputs arbitrary
> > amounts of pseudo-random data.
>
> No, /dev/urandom shares the entropy pool with /dev/random and
> will eventually drain it, too. The initial comment of the
If an application deserves access to /dev/urandom should they also deserve
access to /dev/random?
It seems to me that an application which wanted to drain the entropy pool
could just schedule reads from /dev/random and know it's done the job when it
starts to block. In 2.6.0 it seems that this does not cause any noticable
use of CPU time or any other symptom that would lead an administrator to
suspect such an attack. Reading from /dev/urandom leads to high CPU use, and
even so it will be difficult for an attacker to know that they have
succeeded.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: