[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

re: a small C program to test xdm's /dev/mem reading on your architecture



   
   On Mon, Aug 26, 2002 at 04:28:38PM +1000, matthew green wrote:
   > wow, this is such a bad idea.
   
   It originated upstream.

mmm, xdm.
   
   In fact, judging by CVS logs it has been in xdm's source for many, many
   years.

bad ideas often hang around for a long time.  the only surprising
thing to me is how long this one has taken to surface...

   
   > why don't you use /dev/urandom if it exists, as it does on pretty
   > much all modern UNIX platforms?
   > 
   > *shudder*
   
   I see you haven't read the thread.


actually, i hadn't, but there wasn't very much there besides the
fact that people found it was xdm reading /dev/mem and a small
patch for debian to enable /dev/random (i'd suggest /dev/urandom).

my point is that on modern systems we simply should not read
from /dev/mem for these purposes _ever_.  so far it has shown to
be unsafe on at least:

	- ia64
	- arm
	- mips
	- ultrasparc

i'm sure there are more...

i don't see the purpose in running the program you posted - we
shouldn't care whether it works, just don't do it.  i'm going to
patch NetBSD xsrc shortly to fix this if it isn't already...


.mrg.



Reply to: