Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Tempfile vulnerabilities
From: vonbrand () SLEIPNIR VALPARAISO CL (Horst von Brand)
Date: Wed, 9 Feb 2000 11:03:11 -0300

Seth David Schoen <schoen () LOYALTY ORG> said:


An intermediate possibility is to have multiple RNGs with multiple sources
of entropy, or multiple RNGs with entropy divided among them somehow, or
a single RNG which enforces a reasonable policy of some sort when multiple
processes want to access it at once.

Linux has /dev/random (real random) and /dev/urandom (generated with help
of a RNG if not enough entropy in /dev/random). Just shut off people from
using /dev/random.

Modern multiuser operating systems have solved all _kinds_ of problems around
concurrency and dealing with contention over a shared resource.  There is
no reason that they should not be able to do exactly the same thing for an
entropy pool, if it becomes an issue.

The problem here is not a shared resource, it is a finite resource. And
solutions there (f.ex. disk space) are quotas or manual intervention. Sou
you'd have a /etc/random.quotas file saying which UID is allowed to use how
much entropy, and the kernel keeps track from there after being primed on
boot. Yuck.

Horst von Brand                             vonbrand () sleipnir valparaiso cl
Casilla 9G, ViƱa del Mar, Chile                               +56 32 672616

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]