Closed fosslinux closed 4 years ago
Upon further inspection, it seems that the only Linux place where sysctl is used in crypto/random/seed/LinuxRandomUuidSysctlRandomSeed.c
. So, as from the release notes: For obtaining random bits, the getentropy function can be used.
I currently see two options:
1) Remove sysctl entirely for getting random on linux
2) Disable sysctl for getting random bits when there is glibc involved.
Thoughts?
So we could just drop the SysctlRandomSeed entirely, we have other seeding functions which use everything from /proc to __SYS_getrandom. The reason this has lived for so long is because of the chance that there might be a system where /proc actually doesn't work (suppose it has a file descriptor limit of zero). If it knows that it didn't get a random seed, it will abort, but if for some reason it thinks it got random data but in fact it got constant data (suppose someone was evil and linked /dev/urandom to /dev/zero), it would generate keys which are trivially cracked. That said, sysctl() has been deprecated for years now and I suppose it is not unreasonable to sunset it at this point.
@fosslinux
LinuxRandomUuidSysctlRandomSeed actually calls SYS_getrandom - with a fallback to sysctl when getrandom is not available. This pull request (which is merged in crashey) ifdefs away sysctl when SYS_getrandom seems to be available. https://github.com/cjdelisle/cjdns/pull/1200/commits/bc524d74a3ebfb5dafd88fef078ebf87cab7b8df
That stops the compiler warnings/errors.
ah! I did notice the use of getrandom. That does fix this specific issue; I think I'll keep this issue open for now just so @cjdelisle's idea is noticed.
fine with me to close this because there is a solution in crashey which will eventually get merged
great
In glibc 2.30,
<sysctl/sysctl.h>
is deprecated, and this is issues as a warning when it is included. Because-Werror=cpp
is enabled, this results in an error.Likely the best cause of action is to remove sysctl, and replace it with reading from
/proc
, as mentioned in the release notes.Relevant error:
Other relevant issues: #20