Re: drivers/char/random.c: more ruminations

From: George Spelvin
Date: Wed Jun 11 2014 - 20:43:08 EST

Next message: Stephen Rothwell: "linux-next: manual merge of the samsung tree with Linus' tree"
Previous message: Thomas Gleixner: "Re: [patch 13/13] tomoyo: Use sensible time interface"
In reply to: Theodore Ts'o: "Re: drivers/char/random.c: more ruminations"
Next in thread: H. Peter Anvin: "Re: drivers/char/random.c: more ruminations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> It's not something where if the changes required massive changes, that
> I'd necessarily feel the need to backport them to stable. It's a
> certificational weakness, but it's a not disaster.

Agreed! It's been there for years, and I'm not too worried. It takes
a pretty tight race to cause the problem in the first place.

As you note, it only happens with a full pool (already a very secure
situation), and the magnitude is limited by the size of entropy additions,
which are normally small.

I'm just never happy with bugs in security-critical code. "I don't
think that bug is exploitable" is almost as ominous a phrase as "Y'all
watch this!"
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephen Rothwell: "linux-next: manual merge of the samsung tree with Linus' tree"
Previous message: Thomas Gleixner: "Re: [patch 13/13] tomoyo: Use sensible time interface"
In reply to: Theodore Ts'o: "Re: drivers/char/random.c: more ruminations"
Next in thread: H. Peter Anvin: "Re: drivers/char/random.c: more ruminations"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]