Re: Inquiry about the removal of flag O_NONBLOCK on /dev/random

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Jul 21, 2022 at 02:44:54PM +0800, Guozihua (Scott) wrote:
 > 
> We have a userspace program that starts pretty early in the boot process and
> it tries to fetch random bits from /dev/random with O_NONBLOCK, if that
> returns -EAGAIN, it turns to /dev/urandom. Is this a correct handling of
> -EAGAIN? Or this is not one of the intended use case of O_NONBLOCK?

In addition to the good points which Eric and Jason have raised, the
other thing I would ask you is ***why*** is your userspace program
trying to fetch random bits early in the boot process?  Is it, say,
trying to generate a cryptographic key which is security critical.  If
so, then DON'T DO THAT.

There have been plenty of really embarrassing security problems caused
by consumer grade products who generate a public/private key pair
within seconds of the customer taking the product out of the box, and
plugging it into the wall for the first time.  At which point,
hilarity ensues, unless the box is life- or mission- critical, in
which case tragedy ensues....

Is it possible to move the userspace program so it's not being started
early in the boot process?  What is it doing, and why does it need
random data in the first place?

						- Ted



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]
  Powered by Linux