Re: [PATCH] crypto: change hwrng device default permissions to 0444

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 07/12/2017 12:13 PM, Herbert Xu wrote:
> On Mon, Jul 03, 2017 at 12:37:59PM +0200, Harald Freudenberger wrote:
>> Currently /dev/hwrng uses default device node permissions
>> which is 0600. So by default the device node is not accessible
>> by an ordinary user. Some distros do rewrite the device node
>> permissions via udev rule, others don't. This patch provides
>> 0444 as the new mode value and so makes the device node
>> accessible for all users without the need to have udev rules
>> rewriting the access rights.
>>
>> Signed-off-by: Harald Freudenberger <freude@xxxxxxxxxxxxxxxxxx>
> Hmm, one usage scenario for /dev/hwrng is to feed rngd which then
> feeds into /dev/random.  In that case it may not be desirable to
> allow arbitrary access to hwrgn since it may cause the rate of
> entropy going into /dev/random to go down.
>
> In any case, as you noted userspace can change this anyway so I
> don't see why we need to make this policy change in the kernel.
>
> Cheers,
It was worth a try to get rid of complains from customers.
However, your argument about the possible weakness in
the entropy pool for /dev/random with pumping hwrng dry
does not really fit: This can be easier done by just pulling
random directly from /dev/random, as every distro I could
get a hand on uses crw-rw-rw- permissions on /dev/random
and /dev/urandom.

Thanks
Harald Freudenberger




[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux