Re: random(4) and VMs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 18, 2018 at 7:03 PM John Denker <jsd@xxxxxxxx> wrote:

> > Is a fix that only deals with a subset of the problem worth
> > considering? Just patch the VM support code so that any time a VM is
> > either booted or re-started after a save, the host system drops in
> > some entropy, ...
>
> Good solutions already exist for that subset of the problem.
>
> Configure your VM so that each guest has a virtual /dev/hwrng
> I know this works for qemu.
> I imagine it works for other VMs.
>
> If you find this unsatisfactory, please explain.

It may still leave a VM that is snapshotted & restarted vulnerable to
replay since the random state is saved & restored. I'm not sure this
is much of a problem since an attacker would presumably need
privileged access to the host to exploit it & if he has that, all is
lost anyway.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux