On Mon, May 14, 2018 at 04:32:26PM -0300, Lisandro Damián Nicanor Pérez Meyer 
> On 14 May 2018 at 16:24, Mattia Rizzolo <mat...@debian.org> wrote:
> > On Mon, May 14, 2018 at 01:55:55PM -0300, Lisandro Damián Nicanor Pérez 
> > Meyer wrote:
> >> Quoting from the above:
> >>
> >>   The rationale of this system call is to provide resiliance against
> >>   file descriptor exhaustion attacks, where the attacker consumes all
> >>   available file descriptors, forcing the use of the fallback code where
> >>   /dev/[u]random is not available.  Since the fallback code is often not
> >>   well-tested, it is better to eliminate this potential failure mode
> >>   entirely.
> >>
> >> So if we disable it we disable a feature providing a more robust method to
> >> provide randomness to ours users.
> >
> > Reading this sounds like the presence of the syscall could be tested at
> > runtime, and if present used and if not fall back to dev/urandom?
> Patches directly at upstream (due to copyright issues) are welcomed :-)

As far as I can see, there are 4 sane options available:

1. unsupported, and give a clear error
For working upgrades it is important that software in a stable release 
works on kernels of the previous and next stable releases.
This also ends up being well-tested in upgrade scenarios.
Running buster on the jessie kernel is not really supported,
and even less tested.
libqt5core5a should abort with a clear error message in the preinst
on kernels < 3.17.

2. disable QT_CONFIG(getentropy) in Qt in buster

3. implement a fallback in Qt

4. backport getrandom to the jessie kernel
getrandom is only ~ 20 LOC plus some syscall wiring, so if anyone wants 
to convince/pay the Debian LTS team to backport that to the jessie 
kernel it should be doable.

None of these 4 options should be more than 1 man-day of work.

The submitter of #902118 was running buster packages on a CentOS kernel. 
For such cases of users using non-Debian kernels option 4 would not help.

This CentOS kernel (3.14) is even older than the jessie kernel, and 
in this case the buster Qt might still not work in any case due to
QT_CONFIG(renameat2) which requires >= 3.16.

IMHO option 1 is the best solution since no matter what we do about this 
specific problem, running buster on the jessie kernel might still break 
somewhere else at any point in time.



       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

Reply via email to