On 31.08.2012 15:45, Eric Covener wrote:
> I'm fighting a problem on new releases of AIX where in some
> environments, /dev/random seems to run out of entropy way too quick.
>
> I'd like a way to suppress the apr_uuid_get->
> apr_generate_random_bytes() in mod_proxy_balancer used for the
> balancer-manager nonce in affected environments.

Doesn't it only call apr_uuid_get() during creation of the balancer worker? So IMHO it should be only a problem during startup.

> I was thinking a global "BalancerManager off" could be used for this

For 2.4 there already seems to be a configurable "nonce" attribute for each balancer allowing the special value "None". Not so for 2.2.

> and would also have the upside of fixing the SetHandler htaccess
> problem.

Not sure what the "SetHandler htaccess" problem is.

> Alternatives would be to find a weaker source for the nonce, or allow
> to opt out / use a hard-coded one.
>
> Any suggestions?

Concerning the more recent discussion on this topic: it seems the nonce was introduced in r661666 to counter a possible CSRF attack against the balancer manager (CVE-2007-6420). Configurability was added later.

Regards,

Rainer
