Re: CONFIG_RANDOM (compromise?)

Martin.Dalecki (dalecki@namu23.Num.Math.Uni-Goettingen.de)
Fri, 17 May 1996 10:14:27 +0200 (MET DST)


On Thu, 16 May 1996, Theodore Y. Ts'o wrote:

> Putting in a light version of /dev/random is an extremely bad idea,
> because now the application won't know whether or not /dev/random is
> really secure, and so applications won't use it.

In my version they can simply test for the availability by trying to write
to the device, trying to call a specific ioctl on it and the like.

> A very large number of the newbies will have new computers --- purchase
> of new computers, like many things in the computer industry, is
> following an exponential growth curve still.
>
> If some hacker wants to do something stupid to their own kernel, like
> disable /proc, or System V IPC (which will do really amusing things,

Disabling System V IPC doesn't hurt me in any way. I'm using my Linux box
mainly for numerical programming, TeX and X11 as an xterm launcher. None
of those uses System V IPC. OK, /proc can't be disabled anymore by
this time.

> since most people are using an Init which requires it), or disable
> /dev/random, they can do it by hacking the kernel source. But we

None of the mainstream programs uses /dev/random!

> shouldn't make it easy for people to hurt themselves.
>
> You are asking for 16kB of unswappable kernel memory on every Linux
>
> On a 4 megabyte machine, that's 0.4% of memory. On a 16 megabyte
> machine, that's 0.09% of memory. The kernel on my machine (which is
> using modules, so the actual running kernel uses much more memory) is
> 768k unpacked. 16kb of that is 2% of the entire kernel.
>

0.4% here, 0.4% there, and we will soon see a kernel which doesn't fit
anymore, even when compressed, onto a 3.5 inch disk :-).

Marcin