On Wed, 2011-09-07 at 15:30 -0400, Jarod Wilson wrote:
> Sasha Levin wrote:
> > On Wed, 2011-09-07 at 14:26 -0400, Jarod Wilson wrote:
> >> Sasha Levin wrote:
> >> [..] And anything done in
> >> userspace is going to be full of possible holes [..]
> >
> > Such as? Is there an example of a case which can't be handled in
> > userspace?
>
> How do you mandate preventing reads from urandom when there isn't
> sufficient entropy? You likely wind up needing to restrict access to the
> actual urandom via permissions and selinux policy or similar, and then
> run a daemon or something that provides a pseudo-urandom that brokers
> access to the real urandom. Get the permissions or policy wrong, and
> havoc ensues. An issue with the initscript or udev rule to hide the real
> urandom, and things can fall down. It's a whole lot more fragile than
> this approach, and a lot more involved in setting it up.

Replace /dev/urandom with a simple CUSE driver, redirect reads to the real
urandom after applying your threshold.

-- 
Sasha.
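The threshold gate that either a brokering daemon (Jarod's description) or a CUSE front-end (Sasha's suggestion) would have to apply before serving bytes, as an added example in C that is not code from the thread: the pool level is read from /proc/sys/kernel/random/entropy_avail, a read below the threshold is refused, and anything else passes through to the real /dev/urandom. The libfuse/CUSE device plumbing is left out, and the function names are hypothetical.

```c
/* Added example, not from the thread: the gating policy a userspace
 * urandom broker or CUSE front-end applies. Names are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define REAL_URANDOM  "/dev/urandom"
#define ENTROPY_AVAIL "/proc/sys/kernel/random/entropy_avail"

/* Bits the kernel currently reports in its input pool. Fails closed:
 * if the counter cannot be read it is treated as 0 bits available. */
int entropy_available(void)
{
    FILE *f = fopen(ENTROPY_AVAIL, "r");
    int bits = 0;
    if (f == NULL)
        return 0;
    if (fscanf(f, "%d", &bits) != 1 || bits < 0)
        bits = 0;
    fclose(f);
    return bits;
}

/* Serve one read the way the gated device would: refuse with -EAGAIN
 * while the pool holds fewer than `threshold` bits, otherwise pass the
 * request through to the real urandom. A threshold of 0 disables the
 * gate. Returns the byte count or a negative errno value. */
ssize_t gated_read(unsigned char *buf, size_t len, int threshold)
{
    int fd, saved;
    ssize_t n;

    if (threshold > 0 && entropy_available() < threshold)
        return -EAGAIN;

    fd = open(REAL_URANDOM, O_RDONLY);
    if (fd < 0)
        return -errno;
    n = read(fd, buf, len);
    saved = errno;
    close(fd);
    return n < 0 ? -saved : n;
}

int main(void)
{
    unsigned char buf[16];
    ssize_t n = gated_read(buf, sizeof buf, 128);  /* 128-bit threshold, arbitrary */
    if (n < 0) {
        fprintf(stderr, "refused: %s (entropy_avail=%d)\n",
                strerror((int)-n), entropy_available());
        return 1;
    }
    printf("%zd bytes served\n", n);
    return 0;
}
```

Everything the gate depends on (the /proc counter, the permissions hiding the real node, the udev rule creating the CUSE one) sits in userspace, which is exactly the fragility the thread is arguing about.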