From: Andi Kleen <andi@firstfloor.org>
To: Kees Cook <kees.cook@canonical.com>
Cc: Andi Kleen <andi@firstfloor.org>,
Roland McGrath <roland@redhat.com>,
linux-kernel@vger.kernel.org, Jakub Jelinek <jakub@redhat.com>,
Ulrich Drepper <drepper@redhat.com>,
libc-alpha@sourceware.org
Subject: Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
Date: Tue, 7 Oct 2008 01:19:42 +0200 [thread overview]
Message-ID: <20081006231942.GO3180@one.firstfloor.org> (raw)
In-Reply-To: <20081006220101.GK10357@outflux.net>
On Mon, Oct 06, 2008 at 03:01:01PM -0700, Kees Cook wrote:
> > Since so many systems have poor entropy input /dev/urandom has generally
> > replaced /dev/random for near all cryptographic software, so it's
> > just the new black.
>
> If I understand, you're suggesting that ASLR doesn't need to be strong,
> and that there should be something besides get_random* used to produce
> these values? If that's true, that has nothing to do with the patch
> I've suggested (i.e. we have an immediate need and I'm solving it using
> the current available solutions.) (Additionally, I think ASLR should be
> as strong as possible.)
Sure in a perfect world we had endless money and endless entropy
and no world hunger and could make all such RNGs truly random.
But in practice the world is not like that. And entropy on a standard
Linux system is a very precious commodity.
And you won't deny that session keys are more important than mmap
placement, will you?
>
> If instead, you're saying that the use of urandom has generally caused
> a drain on entropy, and ASLR is suffering, then does it matter that a
> few more bytes are used for the stack guard? I'm just not clear what
It's eating entropy on every process start, so it's a incredible
drain on the entropy pool. Just calculate how much entropy
a standard "configure" run or kernel build will need.
> direction you're trying to aim my patch. :)
>
> I'd really love to see this solved. My goal is to get a mainline glibc
> patch for a low-cost randomized stack guard value.
Your current implementation is high cost.
> Ulrich has a set of
> requirements, and it sounds like there's a growing new set of requirements
> from the kernel folks. What's needed to sort this out?
IMHO it needs a new class of random numbers in the kernel that use
some cryptographically strong RNG (there are a couple of candidates
like yarrow) which is very rarely seeded
from the entropy pool[1] and use that for these applications.
A couple of other users in the kernel would benefit that too,
most users of get_random_bytes() probably should be reviewed
for their true requirements.
Ideally expose it to userland too so that dumb users like
tmpfile can use it too.
An alternative would be also to use existing entropy sources
like the TPMs which are in many boxes now better and automatically,
but that doesn't help on systems without TPM.
-Andi
[1] getting that right is tricky, note that the entropy pool
is useless early at boot because there's no random input.
--
ak@linux.intel.com
next prev parent reply other threads:[~2008-10-06 23:13 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20081001201116.GD12527@outflux.net>
[not found] ` <48E3EFD6.2010704@redhat.com>
[not found] ` <20081001215657.GH12527@outflux.net>
[not found] ` <20081001220948.GC32107@sunsite.ms.mff.cuni.cz>
[not found] ` <20081001222706.68E7E1544B4@magilla.localdomain>
2008-10-03 0:16 ` [PATCH] ELF: implement AT_RANDOM for future glibc use Kees Cook
2008-10-03 0:43 ` Jakub Jelinek
2008-10-03 5:25 ` Kees Cook
2008-10-03 5:29 ` Kees Cook
2008-10-03 5:57 ` Arjan van de Ven
2008-10-03 6:25 ` Ulrich Drepper
2008-10-03 14:50 ` [PATCH] ELF: implement AT_RANDOM for glibc PRNG seeding Kees Cook
2008-10-03 14:56 ` Ulrich Drepper
2008-10-03 14:57 ` Jakub Jelinek
2008-10-03 17:33 ` Kees Cook
2008-10-03 17:41 ` Ulrich Drepper
2008-10-03 17:59 ` [PATCH v5] " Kees Cook
2008-10-18 5:42 ` Ulrich Drepper
2008-10-21 20:01 ` Andrew Morton
2008-10-21 20:22 ` Ulrich Drepper
2008-10-27 5:46 ` Andrew Morton
2008-10-03 0:52 ` [PATCH] ELF: implement AT_RANDOM for future glibc use Roland McGrath
2008-10-03 5:15 ` Kees Cook
2008-10-03 20:22 ` Roland McGrath
2008-10-06 6:00 ` Andi Kleen
2008-10-06 17:50 ` Kees Cook
2008-10-06 18:25 ` David Wagner
2008-10-06 20:23 ` Andi Kleen
2008-10-06 22:16 ` David Wagner
2008-10-06 19:26 ` Andi Kleen
2008-10-06 22:01 ` Kees Cook
2008-10-06 23:19 ` Andi Kleen [this message]
2008-10-06 23:29 ` Kees Cook
2008-10-06 23:44 ` Andi Kleen
2008-10-06 22:07 ` Kees Cook
2008-10-06 23:28 ` Andi Kleen
2008-10-06 23:58 ` Roland McGrath
2008-10-07 0:08 ` Ulrich Drepper
2008-10-07 0:31 ` Kees Cook
2008-10-07 0:57 ` Ulrich Drepper
2008-10-07 1:44 ` Kees Cook
2008-10-07 1:51 ` Ulrich Drepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081006231942.GO3180@one.firstfloor.org \
--to=andi@firstfloor.org \
--cc=drepper@redhat.com \
--cc=jakub@redhat.com \
--cc=kees.cook@canonical.com \
--cc=libc-alpha@sourceware.org \
--cc=linux-kernel@vger.kernel.org \
--cc=roland@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).