On Wed, Feb 02, 2000 at 02:36:20PM -0700, Theo de Raadt wrote:
> The terrible /tmp race handling aside...
>
> I suppose then that anyone who attacks a machine which relies on
> /dev/random -- a world readable device -- should do the following:
>
> cat /dev/random > /dev/null &
>
> Crypto software which uses those devices should be doing some kind of
> checking to make sure that they are getting at least good entropy. I

[snip]

Sure, but there is another problem: while the evil user runs 'cat /dev/random > /dev/null &', maybe the following results in an infinite loop:

    while (there_is_enough_entropy() == 0)
        sleep(1);
    /* race -- what if the evil user starts to deplete the entropy pool here? */
    get_entropy_from_randomdev();

Can it be so easy to DoS cryptographic software? Of course, all insecure CGI scripts or daemons may be used to pull from /dev/random remotely. An example? The old TERM="../../../bla" problem.

antirez
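Added example, not code from antirez or from the thread: one way to avoid the check-then-read race above is to drop the separate "is there enough entropy?" check and instead open the device non-blocking, then bound the whole read with a deadline. A drained pool then degrades to a short read the caller can refuse, not an unbounded sleep loop. The function names and the 2-second deadline are assumptions for illustration; the device path is a parameter.

```c
/* Added example, not from the original post: read from a random device
 * without a separate entropy check, so there is no window between the
 * check and the read. Names and the deadline value are illustrative. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

static long long now_ms(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (long long)ts.tv_sec * 1000 + ts.tv_nsec / 1000000;
}

/* Fill buf[0..len) from the device at path. Returns the number of bytes
 * read (len on success), or -1 on an open/read error. If deadline_ms
 * elapses with the device still not readable, it stops early and returns
 * what it has: a drained pool becomes a detectable short read, not a hang. */
ssize_t read_random_bounded(const char *path, unsigned char *buf, size_t len,
                            int deadline_ms) {
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return -1;
    long long deadline = now_ms() + deadline_ms;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == 0) break;                         /* EOF (e.g. a regular file) */
        if (errno != EAGAIN && errno != EINTR) { close(fd); return -1; }
        long long left = deadline - now_ms();
        if (left <= 0) break;                      /* pool stayed empty too long */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, (int)left) < 0 && errno != EINTR) { close(fd); return -1; }
    }
    close(fd);
    return (ssize_t)got;
}

/* Caller policy: anything short of the full request is a hard failure. */
int fill_key_or_fail(const char *path, unsigned char *key, size_t len,
                     int deadline_ms) {
    return read_random_bounded(path, key, len, deadline_ms) == (ssize_t)len;
}

static unsigned char g_key[32];  /* constructed buffer for the stand-alone run */

int main(void) {
    if (!fill_key_or_fail("/dev/random", g_key, sizeof g_key, 2000)) {
        fprintf(stderr, "no entropy within deadline; refusing to continue\n");
        return 1;
    }
    printf("got %zu random bytes\n", sizeof g_key);
    return 0;
}
```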
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:40 PDT