Re: [PATCH] ELF: implement AT_RANDOM for future glibc use

From: Kees Cook
Date: Mon Oct 06 2008 - 18:09:09 EST

Next message: Boris Fersing: "Re: bad DMAR interaction with iwlagn and SATA"
Previous message: Corey Minyard: "Re: [PATCH 3/3] Convert the UDP hash lock to RCU"
In reply to: Andi Kleen: "Re: [PATCH] ELF: implement AT_RANDOM for future glibc use"
Next in thread: Andi Kleen: "Re: [PATCH] ELF: implement AT_RANDOM for future glibc use"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 06, 2008 at 09:26:41PM +0200, Andi Kleen wrote:
> > We're already using get_random* for stack, heap, and brk. Also,
> > get_random* uses the nonblocking pool, so this is the same as if userspace
> > had tried to pull bytes out of /dev/urandom, which (as I understand it)
>
> Yes exactly that's the problem. Think about it: do you really
> need the same cryptographic strength for your mmap placement
> as you need for your SSL session keys?
>
> And if you need true entropy for your session keys do you
> still get it when it was all used for low security
> purposes first?

Off-list I was just shown random32(). If AT_RANDOM used that instead,
would that be acceptable?

--
Kees Cook
Ubuntu Security Team
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Boris Fersing: "Re: bad DMAR interaction with iwlagn and SATA"
Previous message: Corey Minyard: "Re: [PATCH 3/3] Convert the UDP hash lock to RCU"
In reply to: Andi Kleen: "Re: [PATCH] ELF: implement AT_RANDOM for future glibc use"
Next in thread: Andi Kleen: "Re: [PATCH] ELF: implement AT_RANDOM for future glibc use"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]