[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#325369: marked as done (kdebase: kdm should NOT use /dev/urandom -- doing so deliberately weakens the security of the system)



Your message dated Wed, 13 Jun 2007 22:38:37 +0200
with message-id <20070613203837.GA14301@galadriel.inutil.org>
and subject line kdebase: kdm should NOT use /dev/urandom -- doing so deliberately weakens the security of the system
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: kdebase
Version: 4:3.4.2-1
Severity: important
Tags: security

I strenuously disagree with the upstream decision taken to point kdm at
/dev/urandom instead of /dev/random for entropy.

Using /dev/urandom is fine for unserious application that need a source of
(pseudo-)random numbers, such as games.

Display managers like kdm and xdm do not read /dev/random for frivolous
purposes, however -- they use it to get a seed for a session authorization
key (in the case of xdm, for the XDM-AUTHORIZATION-1 protocol, and maybe
MIT-MAGIC-COOKIE-1 as well).

A few years ago someone (maybe it was me, I don't remember) wrote a patch
to xdm that implements a "randomStream" resource -- older version of xdm,
from which kdm was forked a long time ago, used "/dev/mem" as its entropy
source, and as that file was not anywhere to close to entropic, the code
would read 8MB of data and hash it.

Reading 8MB from /dev/random is indeed stupid -- but reading that much data
from /dev/urandom instead is not the right fix.  The right fix is to read
only the data you need from a known entropic source.  In the case of xdm
(and almost certainly kdm), that's just a few bytes.

Reading the bits for the crypto key from /dev/urandom might be fine for
distributions like Linspire that run the graphical desktop as root by
default, but it's not for us.  We should be as secure as we can reasonably
be by default.

Once #76336 was fixed, the complaints I was getting about xdm taking
"forever" to start ceased.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=76336;archive=yes

If you'd like to discuss this further, I suggest the debian-devel mailing
list.  It may be that most people disagree with me, though I hope not.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: powerpc (ppc)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-powerpc-smp
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)


--- End Message ---
--- Begin Message ---
Branden Robinson wrote:
> Package: kdebase
> Version: 4:3.4.2-1
> Severity: important
> Tags: security
> 
> I strenuously disagree with the upstream decision taken to point kdm at
> /dev/urandom instead of /dev/random for entropy.
> 
> Using /dev/urandom is fine for unserious application that need a source of
> (pseudo-)random numbers, such as games.

Linux' PRNG provides quality randomization for /dev/urandom, it's not
comparable with /dev/urandom from legacy Unix clones. See random(4) for
details. Plus, it's non-blocking.

Cheers,
        Moritz

--- End Message ---

Reply to: