Re: [kernel-hardening] [PATCH] random: warn when kernel uses unseeded randomness

From: Jason A. Donenfeld
Date: Wed Jun 21 2017 - 20:05:07 EST


Hi Ted,

On Wed, Jun 21, 2017 at 10:38 PM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> I agree completely with all of this. The following patch replaces the
> current topmost patch on the random.git tree:
> For developers who want to work on improving this situation,
> CONFIG_WARN_UNSEEDED_RANDOM has been renamed to
> CONFIG_WARN_ALL_UNSEEDED_RANDOM. By default the kernel will always
> print the first use of unseeded randomness. This way, hopefully the
> security-obsessed will be happy that there is _some_ indication when
> the kernel boots there may be a potential issue with that architecture
> or subarchitecture. To see all uses of unseeded randomness,
> developers can enable CONFIG_WARN_ALL_UNSEEDED_RANDOM.

Seems fine to me.

Acked-by: Jason A. Donenfeld <Jason@xxxxxxxxx>

Jason