Bugtraq mailing list archives
[patch] fix for urandom read(2) not interruptible
From: andrea () E-MIND COM (Andrea Arcangeli)
Date: Sun, 27 Dec 1998 20:40:32 +0100
After having read phrak54 about Linux /dev/u?random (and this is the reason
I am CCing also to bugtraq ;), I was playing a bit
with the random driver it and I noticed that was difficult to kill `dd
if=/dev/urandom of=/dev/null bs=100000k count=20000' once started ;)). The
machine was eavily loaded and the process was unkillable and I the fastest
thing to restore the system is been a reset...
It's a bug in random.c that doesn' t check for signal pending inside the
read(2) code, so you have no chance to kill the process via signals until
the read(2) syscall is finished, and it could take a lot of time before
return, if the buffer given to the read syscall is very big...
Here the fix against 2.1.132:
Index: linux/drivers/char/random.c
diff -u linux/drivers/char/random.c:1.1.1.1 linux/drivers/char/random.c:1.1.1.1.2.3
--- linux/drivers/char/random.c:1.1.1.1 Fri Nov 20 00:02:25 1998
+++ linux/drivers/char/random.c Sun Dec 27 20:19:16 1998
@@ -232,6 +232,11 @@
* Eastlake, Steve Crocker, and Jeff Schiller.
*/
+/*
+ * Added a check for signal pending in the extract_entropy() loop to allow
+ * the read(2) syscall to be interrupted. Copyright (C) 1998 Andrea Arcangeli
+ */
+
#include <linux/utsname.h>
#include <linux/config.h>
#include <linux/kernel.h>
@@ -1269,7 +1274,14 @@
buf += i;
add_timer_randomness(r, &extract_timer_state, nbytes);
if (to_user && current->need_resched)
+ {
+ if (signal_pending(current))
+ {
+ ret = -EINTR;
+ break;
+ }
schedule();
+ }
}
/* Wipe data just returned from memory */
And here a fix against 2.0.36:
--- linux/drivers/char/random.c.orig Sun Dec 27 20:22:53 1998
+++ linux/drivers/char/random.c Sun Dec 27 20:24:17 1998
@@ -226,6 +226,11 @@
* Eastlake, Steve Crocker, and Jeff Schiller.
*/
+/*
+ * Added a check for signal pending in the extract_entropy() loop to allow
+ * the read(2) syscall to be interrupted. Copyright (C) 1998 Andrea Arcangeli
+ */
+
#include <linux/config.h> /* CONFIG_RST_COOKIES and CONFIG_SYN_COOKIES */
#include <linux/utsname.h>
#include <linux/kernel.h>
@@ -1004,7 +1009,14 @@
buf += i;
add_timer_randomness(r, &extract_timer_state, nbytes);
if (to_user && need_resched)
+ {
+ if (signal_pending(current))
+ {
+ ret = -EINTR;
+ break;
+ }
schedule();
+ }
}
/* Wipe data from memory */
Andrea Arcangeli
Current thread:
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Ulf Munkedal (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service David Schwartz (Dec 23)
- The grand-son of Cuartango Hole aleph1 () UNDERGROUND ORG (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Guido van Rooij (Dec 24)
- lame old finger bounce bug still exists in sparc 2.7 spoon (Dec 26)
- Breeze Network Server remote reboot and other bogosity. //Stany (Dec 26)
- [patch] fix for urandom read(2) not interruptible Andrea Arcangeli (Dec 27)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Jeff Roberson (Dec 28)
- Oracle8 TNSLSNR DoS Jason Ackley (Dec 28)
- ssh2 security problem (and patch) (fwd) Darren Reed (Dec 29)
- Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Simson L. Garfinkel (Dec 29)
- Local/remote exploit for SCO UNIX. leshka (Dec 29)
- followup on yahoo pager security problem Neulinger, Nathan R. (Dec 29)
- Nmap 2.02 released (fwd) Chris Tobkin (Dec 29)
- netscan.org - broadcast ICMP list Troy Davis (Dec 29)
- Administrivia Aleph One (Dec 30)