Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Tempfile vulnerabilities
From: marc () GIMP ORG (Marc Lehmann)
Date: Wed, 9 Feb 2000 00:27:43 +0100

/dev/random -- a world readable device -- should do the following:

    cat /dev/random > /dev/null &

Crypto software which uses those devices should be doing some kind of
checking to make sure that they are getting at least good entropy.  I

On linux at least, the above is at most a denial of service attack, as
/dev/random does not deliver any data when it runs out of entropy (and
programs usually are prepared to wait for data on that devices for some

On linux/x86, moving my mouse generates >400bytes/s random data (this is
currently specific to x86), and if two processes listen on /dev/random,
both get about half the random data, so it seems that there isn't even a
denial of service attack here.

      -----==-                                             |
      ----==-- _                                           |
      ---==---(_)__  __ ____  __       Marc Lehmann      +--
      --==---/ / _ \/ // /\ \/ /       pcg () opengroup org |e|
      -=====/_/_//_/\_,_/ /_/\_\       XX11-RIPE         --+
    The choice of a GNU generation                       |

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]