[PATCH] Update to the Samba crypto requirements document

Volker Lendecke Volker.Lendecke at SerNet.DE
Thu Jan 4 10:24:46 UTC 2018


On Thu, Jan 04, 2018 at 10:14:01AM +0100, Björn JACKE wrote:
> On 2018-01-03 at 19:32 +0100 Volker Lendecke via samba-technical sent off:
> > If we need the fallback code anyway, and the getentropy call does not
> > prove a significant speed advantage, we should stick with the pretty
> > portable read of /dev/urandom.
> 
> I don't see speed as the main advantage. The point that /dev/urandom isn't
> required is a pro point, people who use chroot or selinux or apparmor or
> simply jailbash might notice quite late that /dev/urandom access is needed at
> some point. And a urandom device node can also only be created by root while an
> unprivileged user can't.

Isn't a good random source a pretty universal requirement for many
services? If every program that wants to live in a sandbox has to
implement not only one but two mechanisms for getting randomness for
the different situations (old kernel and faulty selinux settings),
from my point of view this is just asking for trouble. This is
security relevant, and if there is one enemy of security, it is
complexity.

We can do either. /dev/urandom *or* getentropy syscall, determined at
compile time. No runtime fallback.

If modern glibc screws us on old kernels, we just can't use
getentropy.

Volker

-- 
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
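The compile-time choice Volker proposes above (exactly one randomness source chosen at build time, no runtime fallback from one to the other) as an added C example. This is not Samba's own code: the HAVE_GETENTROPY macro stands in for whatever the build system's configure check would define, and the function names are assumptions. The getentropy(3) branch shows the 256-byte-per-call limit and the ENOSYS failure on old kernels that the thread worries about; the /dev/urandom branch shows where a chroot or MAC policy without the device node makes open() fail, which the caller must treat as fatal rather than silently falling back.

```c
/* Added example, not Samba's code. HAVE_GETENTROPY is assumed to be set by
 * the build system when getentropy(3) is available; otherwise the
 * /dev/urandom path is compiled in. Deliberately no runtime fallback. */
#define _DEFAULT_SOURCE 1
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#ifdef HAVE_GETENTROPY
#include <sys/random.h>

/* getentropy(3) refuses requests larger than 256 bytes, so fill in chunks.
 * With glibc on a kernel older than 3.17 it fails with ENOSYS; that error is
 * returned to the caller, not papered over by reading /dev/urandom. */
static int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        size_t chunk = len > 256 ? 256 : len;
        if (getentropy(p, chunk) != 0) {
            return -1;              /* errno: ENOSYS, EFAULT or EIO */
        }
        p += chunk;
        len -= chunk;
    }
    return 0;
}

#else /* !HAVE_GETENTROPY: read from /dev/urandom */

/* Read exactly len bytes from /dev/urandom. In a chroot, or under an SELinux
 * or AppArmor policy that hides the device node, open() fails with ENOENT or
 * EACCES and the caller must treat that as fatal. Short reads and EINTR are
 * handled; a read() of 0 bytes means this is not a real urandom device. */
static int fill_random(void *buf, size_t len)
{
    unsigned char *p = buf;
    int flags = O_RDONLY;
#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;             /* do not leak the fd across exec */
#endif
    int fd = open("/dev/urandom", flags);
    if (fd == -1) {
        return -1;
    }
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0) {
            if (errno == EINTR) {
                continue;
            }
            close(fd);
            return -1;
        }
        if (n == 0) {
            close(fd);
            errno = EIO;
            return -1;
        }
        p += (size_t)n;
        len -= (size_t)n;
    }
    close(fd);
    return 0;
}
#endif

/* Returns 1 if two independently filled 32-byte buffers differ, 0 if the
 * source handed back identical bytes (broken source), -1 if a fill failed. */
static int random_source_sanity_check(void)
{
    unsigned char a[32], b[32];
    memset(a, 0, sizeof(a));
    memset(b, 0, sizeof(b));
    if (fill_random(a, sizeof(a)) != 0 || fill_random(b, sizeof(b)) != 0) {
        return -1;
    }
    return memcmp(a, b, sizeof(a)) != 0;
}

int main(void)
{
    int rc = random_source_sanity_check();
    if (rc < 0) {
        perror("random source unavailable, refusing to start");
        return 1;
    }
    printf("random source %s\n", rc ? "ok" : "BROKEN: identical output");
    return rc ? 0 : 1;
}
```

Build with `-DHAVE_GETENTROPY` (as a configure check would) to get the syscall path, without it to get the /dev/urandom path; in both cases a failure to obtain bytes is surfaced as an error for the service to abort on, which is the "no runtime fallback" policy from the message.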