[tytso@xxxxxxx: Re: Linux messages full of `random: get_random_u32 called from`]

[vcaputo@xxxxxxxxxxx (Vito Caputo)]

Hello systemd-devel,

There's an ongoing discussion @ lkml about early boot random number
entropy, or the lack of it, and how it may hang systemd-using instances
from booting indefinitely.

Ted Ts'o is questioning the validity of journal-authenticate's early
random number usage, maybe some of you care to comment.

Please find the forwarded message below.

Regards,
Vito Caputo


----- Forwarded message from "Theodore Y. Ts'o" <tytso at mit.edu> -----

Date: Tue, 1 May 2018 20:56:04 -0400
From: "Theodore Y. Ts'o" <tytso@xxxxxxx>
To: Sultan Alsawaf <sultanxda at gmail.com>
Cc: Justin Forbes <jmforbes at linuxtx.org>, Jeremy Cline <jeremy at jcline.org>, Pavel
	Machek <pavel at ucw.cz>, LKML <linux-kernel at vger.kernel.org>, Jann Horn
	<jannh at google.com>
Subject: Re: Linux messages full of `random: get_random_u32 called from`
User-Agent: Mutt/1.9.5 (2018-04-13)

On Tue, May 01, 2018 at 05:43:17PM -0700, Sultan Alsawaf wrote:
> 
> I've attached what I think is a reasonable stopgap solution until this is
> actually fixed. If you're willing to revert the CVE-2018-1108 patches
> completely, then I don't think you'll mind using this patch in the meantime.

I would put it slightly differently; reverting the CVE-2018-1108
patches is less dangerous than what you are proposing in your attached
patch.

Again, I think the right answer is to fix userspace to not require
cryptographic grade entropy during early system startup, and for
people to *think* about what they are doing.  I've looked at the
systemd's use of hmac in journal-authenticate, and as near as I can
tell, there isn't any kind of explanation about why it was necessary,
or what threat it was trying to protect against.

						- Ted

----- End forwarded message -----