On Mon, May 14, 2018 at 03:11:30AM +0100, Ben Hutchings wrote:
> On Sun, 2018-05-13 at 23:48 +0300, Adrian Bunk wrote:
>...
> > Due to the gdm bugs mentioned above we know that there are real-life
> > situations where gdm currently uses "random" data that might be
> > predictable.
> >
> > grep t
> "Thorsten" == Thorsten Glaser writes:
Thorsten> Adrian Bunk dixit:
>> As an example, what happens if I debootstrap and deploy the
>> resulting filesystem to a large number of identical embedded
>> systems without entropy sources?
Thorsten> Just get into a habit of not do
On Sun, 2018-05-13 at 23:48 +0300, Adrian Bunk wrote:
> On Wed, May 09, 2018 at 11:46:00PM +0100, Ben Hutchings wrote:
[...]
> > # Options for a new fix
> >
> > It is unlikely that any further fix will be forthcoming on the kernel
> > side, so I believe that we need to do one of:
> >
> > 1. Add e
Theodore Y. Ts'o dixit:
>that problems helps most of our users, and we shouldn't let the
>perfect be the enemy of the good.
Agreed. Start small, then enhance one bootloader at a time.
Or boot protocol, I assume.
>Also note that the bootloader has to depend on userspace to refresh the
>seed entropy,
(Quoting somewhat out of order)
On Sun, May 13, 2018 at 09:23:39PM +, Thorsten Glaser wrote:
>
> It’s also no solution for the arc4random API… seems like a cultural
> clash (BSD expectations vs. what Linux can actually deliver).
It's instructive to look at how OpenBSD solves this problem. OpenB
Adrian Bunk dixit:
>As an example, what happens if I debootstrap and deploy the resulting
>filesystem to a large number of identical embedded systems without
>entropy sources?
Just get into a habit of not doing so, for example by modifying the
image during each writing process.
Having the bootloa
On Wed, May 09, 2018 at 11:46:00PM +0100, Ben Hutchings wrote:
>...
> # Security flaw and initial fix
>
> Recently it was discovered that getrandom() could return successfully
> before the RNG was really ready to produce unpredictable data. This
> issue was designated as CVE-2018-1108, and was fi
7 matches