Re: Having a single, good arc4random in Debian

To: debian-devel@lists.debian.org
Subject: Re: Having a single, good arc4random in Debian
From: Guillem Jover <guillem@debian.org>
Date: Tue, 19 Jan 2016 01:36:28 +0100
Message-id: <[🔎] 20160119003628.GB29234@gaara.hadrons.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 333F3349-2675-4CCB-825F-EDCA06D00E8E@kitterman.com> <[🔎] 87powyrcs8.fsf@hope.eyrie.org>

Hi!

On Mon, 2016-01-18 at 09:57:27 -0800, Russ Allbery wrote:
> Steven Chamberlain <steven@pyro.eu.org> writes:
> > I think it would be good for Debian to standardise on a single, good
> > arc4random implementation, available to any application that wants to
> > use it.
> 
> > I'd like it to become ubiquitous, on all Debian arches (and eventually
> > other distributions).  We should ensure applications do find it and use
> > it, instead of using risky fallbacks like rand(), getpid() and time().
> > (Scan build logs for "checking.*arc4random" for example).
> 
> > We could deprecate dozens of code copies, most of them unmaintained,
> > some having known security flaws that were fixed in later versions.

BTW, the implementation in libbsd uses ChaCha20 and getentropy(3)
since 0.8.0.

> I'm all in favor of this, but when working on this, please take the
> concerns of upstream into account.  libbsd is readily available on Debian,
> but I don't know if that's the case on the other systems that upstream is
> trying to support, so they're going to be understandably worried about
> portability.  Ideally, we wouldn't have to carry a ton of Debian-specific
> patches to do this, though.

I try to track the currently known (at least to me) downstreams in
the project main page <http://libbsd.freedesktop.org/wiki/>. Also I
consider portability a very important thing, so if there's a system
out there (even non-GNU) that's not supported, I'd appreciate bug
reports and/or patches!

> If someone could put together a kit for upstream with Autoconf probes and
> all the machinery for selectively using this implementation if libbsd is
> available, I think that would go a long way towards helping us actually
> achieve this.

If adding m4sugar macros would help I'd happily add those to libbsd.
Also libbsd can be used in a transparent way w/o any code modifications
by using its overlay, simply like this:

  ,---
  CFLAGS := $(shell pkg-config --cflags libbsd-overlay)
  LDFLAGS := $(shell pkg-config --libs libbsd-overlay)
  `---

I should probably document this better. :/

> Even better, of course, would be to get glibc to take the interface, since
> then all one needs is the Autoconf probes.  But I'm not sure how practical
> that really is.

I think this has been proposed in the past, and rejected, I'd not
expect this to happen TBH.

On Mon, 2016-01-18 at 13:08:32 -0500, Scott Kitterman wrote:
> I looked into this a last year or possibly the year before when I was
> trying to get an upstream to drop embedded copies of functions provided
> by libbsd.  I found it was packaged for all major Linux distributions,
> enough coverage to get the upstream in question to just depend on it
> being available.

Right, even samba uses it now. :)

Thanks,
Guillem

Reply to:

References:
- Re: Having a single, good arc4random in Debian
  - From: Russ Allbery <rra@debian.org>

Prev by Date: libmd (was Re: Having a single, good arc4random in Debian)
Next by Date: Bug#811448: ITP: tiny-initramfs -- A minimalistic initramfs implementation
Previous by thread: Libbsd availability was Re: Having a single, good arc4random in Debian
Next by thread: Bug#811398: ITP: ruby-interception -- Provides a cross-platform ability to intercept all exceptions as they are raised.
Index(es):
- Date
- Thread