Re: [PATCH] random: reject negative RNDADDENTROPY sizes early
From: Theodore Tso
Date: Sun Jun 28 2026 - 22:13:06 EST

On Sun, Jun 28, 2026 at 01:42:27PM -0500, Jakub Stasiak wrote:
> Reject negative len values at the ioctl boundary instead. This avoids
> relying on the later import and write paths, and prevents an invalid
> request from mixing user data into the pool at the clamped length
> instead of the requested len before returning -EFAULT. Consider this
> defense in depth.

The patch isn't wrong per se, but defense in depth against what? This
ioctl() requires root privileges, and so it's not something where we
would need to worry about an attacker passing in invalid data to the
ioctl. If you have CAP_SYS_ADMIN, there is far more mischief you
could do....

- Ted