Re: Concurrent access to /dev/urandom

From: Pavel Machek
Date: Sun Dec 12 2004 - 11:22:08 EST


Hi!

> > Actually, I think this is a security issue. Since any plain old program can
> > read from /dev/urandom at any time, an attacker could attempt to read from
> > that device at the same moment some other program is doing so, and thereby
> > gain some knowledge as to the other program's state.
>
> It could be a potential exploit, but....
>
> (a) it only applies on SMP machines
> (b) it's not a remote exploit; the attacker needs to have
> the ability to run arbitrary programs on the local
> machine
> (c) the attacker won't get all of other programs' reads of
> /dev/urandom, and
> (d) the attacker would have to have a program continuously
> reading from /dev/urandom, which would take up enough
> CPU time that it would be rather hard to hide.
>
> That's not to say that we shouldn't fix it at our earliest
> convenience, and I'd urge Andrew to push this to Linus for 2.6.10 ---
> but I don't think we need to move heaven and earth to try to
> accelerate the 2.6.10 release process, either.


"Johanka, you really need to generate your own gpg key"

(Starts monitoring johanka by ps -aux, and when time is right,
attempts to read /dev/urandom to get same random seed Johanka got.

And BTW it could be made remote expoit if some application sends data
from urandom to the net. I'd not be surprised if some authentication
program generated challenges from /dev/urandom.
Pavel
--
People were complaining that M$ turns users into beta-testers...
...jr ghea gurz vagb qrirybcref, naq gurl frrz gb yvxr vg gung jnl!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/