Date: Sun, 12 Nov 1995 11:32:47 +0200
From: Mark Murray <mark@grondar.za>
To: bruce@freebsd.org
Cc: current@freebsd.org
Subject: /dev/random permissions etc
Message-ID: <199511120932.LAA24354@grumble.grondar.za>
Hi

A couple of weeks ago I agreed that the right permissions for /dev/*random were 660 and owned by root.kmem. I have discussed this with the original author, and am now quite firmly of the opinion that this is bad. Here are my reasons:

The original idea was that protecting these devices would help prevent denial-of-service attacks. I believe that this is not really valid given that easier and harsher attacks are possible (fork bombs, disk fillers etc). It is easy to find a job that has gone crazy reading all the entropy.

Making the device non-world-readable forces programs like PGP to be at least setgid. MAJOR LOSE! An attacker can now read /dev/kmem using pgp! It also makes the device difficult to use, as the secure writing of set[gu]id programs is notoriously unsafe ;-)

The original author's idea was that /dev/urandom would be "sufficiently random", while /dev/random would be "as random as possible", so the latter device only gives as many bits of randomness as it believes it has. This does not mean that /dev/urandom has lousy numbers. On the contrary, it has very good numbers which only extremely powerful adversaries with hefty computing power have a chance of breaking. Due to the nature of the MD5 algorithm used, chances of such breakages depend mainly on hitherto un{discovered|published} weaknesses in MD5.

Future developments to this device will include users' ability to add randomness, and root's ability to increase or decrease the entropy estimate. This will require the device to be world readable and writeable.

I am going to set /dev/*random to mode 666 owner root.wheel (like /dev/null) and put them in the same paragraph (std) in MAKEDEV.

Any objections? Speak now, or forever hold the pieces. :-)

M
--
Mark Murray
46 Harvey Rd, Claremont, Cape Town 7700, South Africa
+27 21 61-3768 GMT+0200
Finger mark@grumble.grondar.za for PGP key
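As an added example (not part of Mark Murray's mail, nor of FreeBSD's MAKEDEV), here is a small POSIX shell audit that checks `ls -l` style device-node lines against the policy the mail proposes (mode 666, owner root, group wheel, like /dev/null) and flags the 660 root.kmem layout it argues against, since that layout forces readers such as PGP to be setgid kmem. The listing lines are constructed, not captured from a real system; the function names and the major/minor numbers are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original mail: audit /dev/*random device-node
# listings against the policy argued for above (mode 666, owner root, group
# wheel) and flag the 660 root.kmem layout that forces readers to be setgid.
# Works on `ls -l` style lines so it can run offline on constructed input.

# Constructed sample listing (not captured from a real system). The first line
# has the 660 root.kmem layout the mail rejects, the second the proposed
# 666 root.wheel layout. Major/minor numbers are placeholders.
SAMPLE_LISTING='crw-rw----  1 root  kmem   2,   3 Nov 12  1995 /dev/random
crw-rw-rw-  1 root  wheel  2,   4 Nov 12  1995 /dev/urandom'

# check_device_line LINE
# Splits one `ls -l` line into fields (perms, links, owner, group, major,
# minor, month, day, year, path) and reports whether it matches the policy.
# Returns 0 when the node is acceptable, 1 otherwise, printing the reason.
check_device_line() {
    set -- $1
    perms=$1 owner=$3 group=$4 path=${10}

    case "$perms" in
        c*) ;;
        *) echo "$path: not a character device ($perms)"; return 1 ;;
    esac
    if [ "$owner" != root ]; then
        echo "$path: owned by $owner, expected root"
        return 1
    fi
    if [ "$group" = kmem ]; then
        # Readers would need to be setgid kmem, which also grants /dev/kmem
        # access: the very problem the mail points out.
        echo "$path: group kmem would force readers such as PGP to be setgid kmem"
        return 1
    fi
    # Permission string layout: type, user rwx, group rwx, other rwx.
    # Positions 8 and 9 are the "other" read and write bits.
    case "$perms" in
        c??????rw?) ;;
        *) echo "$path: mode $perms is not world-readable and -writable"; return 1 ;;
    esac
    echo "$path: ok (mode $perms, $owner:$group)"
    return 0
}

# audit_listing LISTING
# Runs check_device_line over every non-empty line; the return value is the
# number of nodes that failed the check (0 means all nodes comply).
audit_listing() {
    failures=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        check_device_line "$line" || failures=$((failures + 1))
    done <<EOF
$1
EOF
    return "$failures"
}

audit_listing "$SAMPLE_LISTING" || echo "$? device node(s) need attention"
```

On a live system the same functions can be fed `ls -l /dev/random /dev/urandom`; on the constructed sample, /dev/random is reported for its kmem group and /dev/urandom passes.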