From: Konstantin Belousov
To: Steven Chamberlain, freebsd-security@freebsd.org
Date: Sat, 19 Jul 2014 22:26:05 +0300
Subject: Re: Speed and security of /dev/urandom
Message-ID: <20140719192605.GV93733@kib.kiev.ua>
In-Reply-To: <20140719190348.GM45513@funkthat.com>

On Sat, Jul 19, 2014 at 12:03:48PM -0700, John-Mark Gurney wrote:
> So, my suggestions:
> 1) Convert arc4random(9) in the kernel to use the random pool as
> /dev/random uses. I vaguely remember there being an issue w/
> arc4random(9) being used early in boot before /dev/random is
> initialized which would complicate this change...
> 2) Convert arc4random(3) to use the sysctl, and if the sysctl fails,
> kill the process.

I think that using sysctl for non-management functionality is wrong. If this feature is for the libraries and applications, and not for system management and introspection utilities, it should be a normal syscall.

Being a syscall, it also solves the issue of backward compatibility, i.e. new code running on an old kernel gets SIGSYS when using a non-existing syscall. If an application is so sophisticated that it wants to handle the situation, it can, by installing a signal handler. Otherwise, it is terminated automatically.
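The SIGSYS handling described in the reply above, sketched as an added example that is not part of the original message or of FreeBSD's code: a program installs a temporary SIGSYS handler around a syscall the running kernel may not implement and recovers instead of being terminated. `SYS_HYPOTHETICAL_RANDOM` is a placeholder number, and `guarded_call` and the two stand-in callbacks are hypothetical names constructed for illustration.

```c
#define _DEFAULT_SOURCE               /* expose syscall(2) and sigaction on glibc */
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define SYS_HYPOTHETICAL_RANDOM 9999L /* placeholder number, not a real syscall */

static sigjmp_buf sigsys_env;

static void on_sigsys(int signo) {
    (void)signo;
    siglongjmp(sigsys_env, 1);        /* abandon the call the kernel rejected */
}

/* Run fn() with a temporary SIGSYS handler: 0 = fn returned (*out holds its
 * result), -1 = SIGSYS was delivered, i.e. the kernel lacks the syscall. */
int guarded_call(long (*fn)(void), long *out) {
    struct sigaction sa, old;
    int caught;
    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_sigsys;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSYS, &sa, &old) != 0)
        return -1;
    if (sigsetjmp(sigsys_env, 1) == 0) {  /* 1: signal mask is restored on jump */
        *out = fn();
        caught = 0;
    } else {
        caught = 1;
    }
    sigaction(SIGSYS, &old, NULL);    /* put the previous disposition back */
    return caught ? -1 : 0;
}

static unsigned char rnd[16];
/* New code path: ask the kernel through the (hypothetical) syscall. */
long new_syscall_path(void) { return syscall(SYS_HYPOTHETICAL_RANDOM, rnd, sizeof(rnd)); }
/* Constructed stand-in for an old kernel, so the handler path runs anywhere. */
long old_kernel_stand_in(void) { raise(SIGSYS); return 0; }
/* Constructed stand-in for a kernel that implements the call. */
long new_kernel_stand_in(void) { return (long)sizeof(rnd); }

int main(void) {
    long n = 0;
    /* n < 0 also covers kernels that return an error instead of signalling. */
    if (guarded_call(new_syscall_path, &n) != 0 || n < 0)
        puts("syscall unavailable: fall back or exit cleanly");
    else
        printf("kernel returned %ld bytes\n", n);
    return 0;
}
```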