Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL

To: debian-devel@lists.debian.org
Subject: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
From: Russ Allbery <rra@debian.org>
Date: Wed, 16 Jul 2014 13:17:23 -0700
Message-id: <[🔎] 87vbqxawj0.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 1405541576.2453.69.camel@deadeye.wl.decadent.org.uk> (Ben Hutchings's message of "Wed, 16 Jul 2014 21:12:56 +0100")
References: <[🔎] 20140711220627.24261.14073.reportbug@spruce.wiehl.oeko.net> <[🔎] 20140716020647.GA13456@cassiel.pault.ag> <[🔎] 53C6CA6E.1050308@pyro.eu.org> <[🔎] 87ha2hcch6.fsf@windlord.stanford.edu> <[🔎] 1405541576.2453.69.camel@deadeye.wl.decadent.org.uk>

Ben Hutchings <ben@decadent.org.uk> writes:
> On Wed, 2014-07-16 at 12:47 -0700, Russ Allbery wrote:

>> It would be nice to have a reliable kernel interface for getting
>> randomness rather than relying on proper chroot configuration.

> There is such an interface.  It happens to be a char device.  Expecting
> administrators to create /dev/urandom in a chroot is no more
> unreasonable than expecting them to create /dev/null or /dev/zero.

I'm not a big fan of that either.  :)  Also, I think it's relatively rare
for a library to require those devices exist for secure behavior, although
perhaps I'm just not knowledgable in this area.

>> I'm not sure sysctl should be that mechanism, but I'm quite sympathetic
>> to the LibreSSL developers here.  Relying on a device being present in
>> a chroot seems rather dubious.

> Less so than blundering on without entropy.

Oh, certainly.  I'm in favor of aborting in libssl if /dev/urandom isn't
available.  But it bothers me that one could get to that point.  It seems
like an easy mistake for someone to make, and it seems somehow unclean to
require access to a char device for randomness.

I'm sure I'll get over it, but I do agree with the feeling that a lot more
can go wrong when trying to open a character device than with some of the
other approaches suggested.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Johannes Schauer <j.schauer@email.de>

References:
- Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Toni Mueller <support@oeko.net>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Paul Tagliamonte <paultag@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Steven Chamberlain <steven@pyro.eu.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by Date: Re: Java 9 dropping support for source/target level 1.5
Previous by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Next by thread: Re: Bug#754513: ITP: libressl -- SSL library, forked from OpenSSL
Index(es):
- Date
- Thread