Re: drivers/char/random.c: more ruminations

From: George Spelvin
Date: Wed Jun 11 2014 - 20:43:08 EST


> It's not something where if the changes required massive changes, that
> I'd necessarily feel the need to backport them to stable. It's a
> certificational weakness, but it's a not disaster.

Agreed! It's been there for years, and I'm not too worried. It takes
a pretty tight race to cause the problem in the first place.

As you note, it only happens with a full pool (already a very secure
situation), and the magnitude is limited by the size of entropy additions,
which are normally small.

I'm just never happy with bugs in security-critical code. "I don't
think that bug is exploitable" is almost as ominous a phrase as "Y'all
watch this!"
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/