| 1 |
On Mon, 2004-04-19 at 17:55, Robert Connolly wrote: |
| 2 |
> Hello. I have attached two patches. The linux kernel patch is from Eli |
| 3 |
> Billauer of http://frandom.sourceforge.net/ Full source and docs for this |
| 4 |
> patch are here http://www.linuxfromscratch.org/~robert/hlfs/hints/ |
| 5 |
> attachments/entropy/frandom-0.8.tar.gz |
| 6 |
> |
| 7 |
> This version of frandom includes erandom (economical) which uses frandom as a |
| 8 |
> seed, and uses no entropy from the kernel. The quality of the output bytes |
| 9 |
> has been tested and found to be good quality random. Its not intended for |
| 10 |
> crypto, its for anything else. This version of frandom also features a sysctl |
| 11 |
> interface. The attached kernel patch enables it by default. It can be found |
| 12 |
> in the char devices config menu. |
| 13 |
|
| 14 |
Could you test the following attachment (guard-test) a few times and |
| 15 |
post the results? Mainly I'd like to verify that your __guard is infact |
| 16 |
working as expected. (It should SEGFAULT or SIGABRT) |
| 17 |
|
| 18 |
> The attached glibc patch uses the frandom sysctl interface, and has a bug fix |
| 19 |
> (/4). I removed some #ifdefs that I thought should always be defined (maybe |
| 20 |
> someone can double check it, should be okay though). So, install the frandom |
| 21 |
> kernel first (built in, not module), reboot, and replace this attached glibc |
| 22 |
> patch with the original glibc-ssp patch, and install glibc. |
| 23 |
> |
| 24 |
|
| 25 |
> The finished result will stop SSP from draining kernel entropy. Preformance |
| 26 |
> might be a bit better then using /dev/urandom too. And sysctl will work threw |
| 27 |
> chroot without depending on a device in /dev. |
| 28 |
I like that. |
| 29 |
|
| 30 |
> Comments, questions? |
| 31 |
|
| 32 |
I took a quick look at the (glibc) code and it appears as if you drooped |
| 33 |
support completely for /dec/urandom I'm not sure if that's a good idea |
| 34 |
because if a user decides not to use frandom then she will end up with |
| 35 |
the default canary only which would weaken the entire model.. |
| 36 |
|
| 37 |
Also can this be enabled in the kernel as non LKM? |
| 38 |
As handy as modules are they are a security risk and should be avoided |
| 39 |
at all costs. |
| 40 |
|
| 41 |
> I'm subscribed to this list, please don't cc me. |
| 42 |
> |
| 43 |
> Robert |
| 44 |
> |
| 45 |
> ______________________________________________________________________ |
| 46 |
> -- |
| 47 |
> gentoo-hardened@g.o mailing list |
| 48 |
|
| 49 |
-- |
| 50 |
Ned Ludd <solar@g.o> |
| 51 |
Gentoo Linux Developer |
Archives