Re: [PATCH 2/2] lguest: virtio-rng support

From: H. Peter Anvin
Date: Sat May 17 2008 - 12:03:24 EST


Rusty Russell wrote:
Uhm, no. It's not. Unless the host provides actual entropy
information, you have a security hole.

Huh? We just can't assume it adds entropy. AFAICT rngd -H0 is what we want here.

We can, if it comes from /dev/random.

If we use /dev/random in the host, we risk a DoS. But since /dev/random
is 0666 on my system, perhaps noone actually cares?
There is no point in feeding the host /dev/urandom to the guest (except for seeding, which can be handled through other means); it will do its own mixing anyway.

Seeding is good, but unlikely to be done properly for first boot of some standard virtualized container. In practice, feeding /dev/urandom from the host will make /dev/urandom harder to predict in the guest.

Only up to a point.

The reason to provide anything at all from the host is to give it "golden" entropy bits.

But you did not address the DoS question: can we ignore it? Or are we trading off a DoS in the host against a potential security weakness in the guest?

If so, how do we resolve it?

I don't think you have a DoS situation at all. The worst thing is that you don't have any entropy available at all, at which point /dev/urandom is as insecure as it ever is.

-hpa

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/