In article [EMAIL PROTECTED] [EMAIL PROTECTED] write:
[XDM randomness]
/dev/random? /dev/urandom? You are kidding. This randomness is used
to create authorisation cookies for X which in my understanding provide
ZERO security. Use plain libc rand() and the security is exactly the same.
In the
[Apologies to readers of debian-sparc, who have already received a copy of this]
In article [EMAIL PROTECTED] [EMAIL PROTECTED] write:
[XDM randomness]
/dev/random? /dev/urandom? You are kidding. This randomness is used
to create authorisation cookies for X which in my understanding provide
In article [EMAIL PROTECTED] Kusti writes:
I believe the /dev/mem gets read only in systems where no /dev/(u)random
exists.
Actually, the standard configuration is that /dev/mem is read. The
code to read from /dev/(u)random isn't activated in any situation in
the standard upstream X
In article [EMAIL PROTECTED] Branden writes:
I can't believe he actually intends to keep it like this..
I'm going to #define DEV_RANDOM /dev/random for Linux systems.
And Debian Hurd? Or does the Hurd not have /dev/random or /dev/urandom?
I suspect that /dev/urandom may be the better choice,
On Fri, 30 Aug 2002, Jonathan Amery wrote:
Date: Fri, 30 Aug 2002 13:58:43 +0100
From: Jonathan Amery [EMAIL PROTECTED]
To: [EMAIL PROTECTED], debian-x@lists.debian.org
Subject: Re: a small C program to test xdm's /dev/mem reading on your
architecture
In article [EMAIL PROTECTED] Branden
Hello !
This program works on
20164 (LX) running Debian/GNU Linux (Woody)
20164 (dual) running Digital Unix (using Compaq C-Compiler)
20264 (XP1000) running Linux
Greetings
Helge
--
Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
gpg signed mail preferred
Marcus Brinkmann [EMAIL PROTECTED] writes:
You are mistaken. Do yourself a favour and get a book about (pseudo)
random number generators, entropy, hash functions and cryptography.
If you don't start with random numbers, you can turn the numbers upside
down, it won't get any more random than
The long story, for those interested:
http://lists.debian.org/debian-x/2002/debian-x-200208/msg00091.html
(and read the whole thread)
The short story:
I need people with root on machines of your given architecture to
compile and run the attached C program. It consists of code borrowed
from
Be warned: on at least some architectures (notably IA-64), this sort of
read has been known to cause untrapped machine checks (a.k.a., lockups
or spontaneous reboots). Arguably the kernel should trap this sort of
nonsense, so you may be in the mood to file a bug against kernel
On Mon, Aug 26, 2002 at 04:28:38PM +1000, matthew green wrote:
wow, this is such a bad idea.
It originated upstream.
mmm, xdm.
In fact, judging by CVS logs it has been in xdm's source for many, many
years.
bad ideas often hang around for a long time. the only
Hello !
I'll run it later on different alphas, but I checked it on a
ppc-machine running AIX if this is of any interest to you:
[EMAIL PROTECTED]: /root # ./readmem.aix.x
Reading data from /dev/mem...
read #2 of 8192 bytes
...
read #1024 of 8192 bytes
done with read of /dev/mem (returned 1).
Hi,
On Mon, Aug 26, 2002 at 05:04:26PM +1000, matthew green wrote:
why don't you use /dev/urandom if it exists, as it does on pretty
much all modern UNIX platforms?
I see you haven't read the thread.
actually, i hadn't, but there wasn't very much there besides the
fact that
On Mon, 26 Aug 2002 17:04:26 +1000
matthew green [EMAIL PROTECTED] wrote:
actually, i hadn't, but there wasn't very much there besides the
fact that people found it was xdm reading /dev/mem and a small
patch for debian to enable /dev/random (i'd suggest /dev/urandom).
my point is that on
Filip Van Raemdonck [EMAIL PROTECTED] wrote:
On Mon, Aug 26, 2002 at 05:04:26PM +1000, matthew green wrote:
actually, i hadn't, but there wasn't very much there besides the
fact that people found it was xdm reading /dev/mem and a small
patch for debian to enable /dev/random (i'd suggest
On Mon, Aug 26, 2002 at 05:04:26PM +1000, matthew green wrote:
actually, i hadn't, but there wasn't very much there besides the
fact that people found it was xdm reading /dev/mem and a small
patch for debian to enable /dev/random (i'd suggest /dev/urandom).
If any of these it should be
Previously Kimmo K. I. Surakka wrote:
I think the safe way of getting random data without a decent random
source would be to write one. This, however, would be more than just
a small patch.
There is existing code to generate randomness from userland, look at
what current OpenSSH does for
matthew green [EMAIL PROTECTED] writes:
my point is that on modern systems we simply should not read
from /dev/mem for these purposes _ever_.
It would make some sense to read all the physical memory in the
machine. Unfortunately, I'm not aware of any reasonable way to do
that. Reading /dev/mem
Branden,
The long story, for those interested:
http://lists.debian.org/debian-x/2002/debian-x-200208/msg00091.html
(and read the whole thread)
The short story:
I need people with root on machines of your given architecture to
compile and run the attached C program. It consists of code
matthew green wrote:
bad ideas often hang around for a long time. the only surprising
thing to me is how long this one has taken to surface...
Perhaps Branden is gathering information about what a bad idea this
really is, to show upstream the error of their ways. I can't believe he
actually
On Mon, Aug 26, 2002 at 09:06:00AM -0400, Carlos O'Donell wrote:
Done. I've submitted the output for HPPA boxes running 32 and 64-bit
kernels. Looks like they pass without any problem. I'll pass on the
yes, but it may well crash them. some parts of /dev/mem map random IO
addresses which may
On Mon, Aug 26, 2002 at 10:23:06AM -0400, Joey Hess wrote:
matthew green wrote:
bad ideas often hang around for a long time. the only surprising
thing to me is how long this one has taken to surface...
Perhaps Branden is gathering information about what a bad idea this
really is, to show
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
I can't believe he actually intends to keep it like this..
I'm going to #define DEV_RANDOM /dev/random for Linux systems.
That's bad, because that will drain the entropy a lot, and it might
block for a long time, and that for
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
Also, reading /dev/mem doesn't sound very secure at all (even if it works)
because the patterns in the memory of a computer are probably predictable
and a lot of information can be observed from the outside (which processes
are
On Mon, Aug 26, 2002 at 08:16:06PM +0100, Matthew Wilcox wrote:
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
Also, reading /dev/mem doesn't sound very secure at all (even if it works)
because the patterns in the memory of a computer are probably predictable
and a lot of
Marcus Brinkmann writes:
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
I can't believe he actually intends to keep it like this..
I'm going to #define DEV_RANDOM /dev/random for Linux systems.
That's bad, because that will drain the entropy a lot, and it might
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
I can't believe he actually intends to keep it like this..
I'm going to #define DEV_RANDOM /dev/random for Linux systems.
That's bad, because that will
On Mon, Aug 26, 2002 at 03:28:18PM -0400, Jeff Sheinberg wrote:
Why does anyone need to read megabytes of urandom?
Nobody does. Or, at least, xdm doesn't. Markus is opining without the
benefit of having checked the facts.
--
G. Branden Robinson| What influenced me to
On Mon, Aug 26, 2002 at 02:43:09PM -0500, Branden Robinson wrote:
xdm doesn't read the same amount of data when it's reading from a
(presumably) entropic device node.
I didn't assume that.
It reads eight size_t's. Surely that is not excessive.
It's eight size_t's good entropy wasted for no
On Mon, Aug 26, 2002 at 02:44:26PM -0500, Branden Robinson wrote:
On Mon, Aug 26, 2002 at 03:28:18PM -0400, Jeff Sheinberg wrote:
Why does anyone need to read megabytes of urandom?
Nobody does. Or, at least, xdm doesn't. Markus is opining without the
benefit of having checked the facts.
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
I can't believe he actually intends to keep it like this..
I'm going to #define DEV_RANDOM /dev/random for Linux systems.
That's bad, because that will