Jacques Gelinas wrote:
>
> I have announced a project (see my signature) to run several virtual servers
> on a single box (single kernel as well). The vservers are real linux distribution
> running in a chroot/chbind/chcontext and capability limited environment.
>
> While looking at the kernel we found out that writing to /dev/random is
> not controlled by any capability. We are providing a /dev/random in
> the vservers with permission 644, so it can be used.
>
> Is this a security issue if an administrator of a vserver is allowed to write
> in /dev/random ?
My understanding is that anything written to /dev/random is stirred into the
pool without incrementing the entropy count. Thus, it shouldn't be an issue.
Chris
-- Chris Friesen | MailStop: 043/33/F10 Nortel Networks | work: (613) 765-0557 3500 Carling Avenue | fax: (613) 765-2986 Nepean, ON K2H 8E9 Canada | email: cfriesen@nortelnetworks.com - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Oct 23 2001 - 21:00:24 EST