|From:||Jeff Garzik <jeff-AT-garzik.org>|
|To:||"Brandeburg, Jesse" <jesse.brandeburg-AT-intel.com>|
|Subject:||Re: [PATCH] drivers/net: remove network drivers' last few uses of IRQF_SAMPLE_RANDOM|
|Date:||Thu, 15 May 2008 14:04:08 -0400|
|Cc:||Alan Cox <alan-AT-lxorguk.ukuu.org.uk>, Chris Peterson <cpeterso-AT-cpeterso.com>, netdev-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org|
Brandeburg, Jesse wrote: > we've been hearing rumblings of big customers wanting (maybe requiring) > wired network drivers from Intel to advertise this flag. Jeff have you > heard of such? I do indeed hear requests all the time, from people who want to make their boxes externally exploitable. :) > I think the argument is that a headless system (no keyboard/mouse, no > soundcard, probably no video) with a libata based driver and a network > driver without IRQF_SAMPLE_RANDOM has *no* sources of entropy. In this > case the argument is very strong for at least *some* source of entropy > from interrupts so that randomness can get some external input. Just > try rebuilding a kernel RPM over an ssh session and you'll see what I > mean. There are entropy sources on a headless box, even one without audio and video, that are more secure than adding IRQF_SAMPLE_RANDOM to network drivers. EGD demonstrates this, for example: http://egd.sourceforge.net/ It looks at snmp, w, last, uptime, iostats, vmstats, etc. And there are plenty of untapped entropy sources even so, such as reading temperature sensors, fan speed sensors on variable-speed fans, etc. Heck, "smartctl -d ata -a /dev/FOO" produces output that could be hashed and added as entropy. I'm interested to hear peoples' opinion of Chris P's patch, but definitely do not want to go in the other direction and start adding IRQF_SAMPLE_RANDOM, thus moving randomness in the direction of being externally exploitable. Jeff -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to firstname.lastname@example.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds