Re: Linux 5.3-rc8
From: Willy Tarreau
Date: Mon Sep 16 2019 - 15:09:29 EST
On Mon, Sep 16, 2019 at 10:44:31AM -0700, Linus Torvalds wrote:
> - add new GRND_SECURE and GRND_INSECURE flags that have the actual
> useful behaviors that we currently pretty much lack
>
> - consider the old 0-3 flag values legacy, deprecated, and unsafe
> because they _will_ time out to fix the existing problem we have right
> now because of their bad behavior.
I think we can keep a flag to work like the current /dev/random and
deplete entropy for the very rare cases where it's really desired
to run this way (maybe even just for research), but it should require
special permissions as it impacts the whole system.
I think that your GRND_SECURE above means the current 0 situation,
where we wait for initial entropy then not wait anymore, right ? If
so it could remain the default setting, because at least it will not
betray applications which rely on this reliability. And GRND_INSECURE
will be decided on a case by case basis by applications that are caught
waiting like sfdisk in initramfs or a MAC address generator for example.
In this case it could even be called GRND_PREDICTABLE maybe to enforce
its property compared to others.
My guess is that we can fix the situation because nobody likes the
problems that sporadically hit users. getrandom() was adopted quite
quickly to solve issues related to using /dev/*random in chroots,
I think the new flags will be adopted by those experiencing issues.
Just my two cents,
Willy