From owner-freebsd-current Sun Nov 12 01:33:19 1995
Message-Id: <199511120932.LAA24354@grumble.grondar.za>
To: bruce@freebsd.org
cc: current@freebsd.org
Subject: /dev/random permissions etc
Date: Sun, 12 Nov 1995 11:32:47 +0200
From: Mark Murray

Hi

A couple of weeks ago I agreed that the right permissions for /dev/*random were 660 and owned by root.kmem.

I have discussed this with the original author, and am now quite firmly of the opinion that this is bad. Here are my reasons:

The original idea was that protecting these devices would help prevent denial-of-service attacks. I believe that this is not really valid given that easier and harsher attacks are possible (fork bombs, disk fillers etc). It is easy to find a job that has gone crazy reading all the entropy.

Making the device non-world-readable forces programs like PGP to be at least setgid. MAJOR LOSE! An attacker can now read /dev/kmem using pgp! It also makes the device difficult to use, as the secure writing of set[gu]id programs is notoriously unsafe ;-)

The original author's idea was that /dev/urandom would be "sufficiently random", while /dev/random would be "as random as possible", so the latter device only gives as many bits of randomness as it believes it has. This does not mean that /dev/urandom has lousy numbers. On the contrary, it has very good numbers which only extremely powerful adversaries with hefty computing power have a chance of breaking. Due to the nature of the MD5 algorithm used, chances of such breakages depend mainly on hitherto un{discovered|published} weaknesses in MD5.

Future developments to this device will include users' ability to add randomness, and root's ability to increase or decrease the entropy estimate. This will require the device to be world readable and writeable.

I am going to set /dev/*random to mode 666 owner root.wheel (like /dev/null) and put them in the same paragraph (std) in MAKEDEV.

Any objections? Speak now, or forever hold the pieces. :-)

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key
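
The set-gid concern raised in the message can be audited mechanically. The following is an added example, not part of the original mail or of FreeBSD: it lists set-gid executables whose group also has read access to sensitive nodes such as /dev/kmem. The function names, the search directories and the node list are assumptions chosen for illustration.

```python
import os
import stat

def group_readable(path):
    """Return the gid that can read `path` through its group bits, else None."""
    st = os.stat(path)
    return st.st_gid if st.st_mode & stat.S_IRGRP else None

def setgid_exposure(search_dirs, sensitive_nodes):
    """Map each set-gid executable to the sensitive nodes its group can read."""
    by_gid = {}  # gid -> nodes readable through that group's permission bits
    for node in sensitive_nodes:
        try:
            gid = group_readable(node)
        except OSError:
            continue  # node does not exist on this system
        if gid is not None:
            by_gid.setdefault(gid, []).append(node)

    findings = {}
    for top in search_dirs:
        for dirpath, _dirs, files in os.walk(top):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)  # lstat: do not follow symlinks
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode):
                    continue
                # set-gid only takes effect on files that are group-executable
                setgid_exec = st.st_mode & stat.S_ISGID and st.st_mode & stat.S_IXGRP
                if setgid_exec and st.st_gid in by_gid:
                    findings[path] = sorted(by_gid[st.st_gid])
    return findings

if __name__ == "__main__":
    # Assumed node list and search paths; adjust for the system being audited.
    nodes = ["/dev/kmem", "/dev/mem", "/dev/random", "/dev/urandom"]
    report = setgid_exposure(["/usr/bin", "/usr/local/bin"], nodes)
    for prog, readable in sorted(report.items()):
        print(prog, "->", ", ".join(readable))
```

Any program reported here would hand its group's read access to whoever subverts it, which is the exposure the message describes for a set-gid kmem PGP.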