| Summary: | botan uses some pretty obsolete (and bad!) commands for gaining entropy | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Paul Wouters <pwouters> |
| Component: | botan | Assignee: | Thomas Moschny <thomas.moschny> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rawhide | CC: | thomas.moschny |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2013-08-30 18:15:00 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
The unix_procs module is one of a bunch of modules helping in getting entropy, others which are enabled are hres_timer, proc_walk, egd, rdrand, and dev_random. Note that EntropySources are not to be used by themselves but only by Botan's Random Number Generators (see http://botan.randombit.net/rng.html). So, we *could* disable the unix_procs module, but I don't see a good reason why we should. Can you explain why calling vmstat was a problem? On the other hand, I also don't see a reason to list all these binaries as Requirements. If one is missing, it'll be skipped, that's it. If it is there, it helps gathering entropy. Additionally I'd like to point you to http://botan.randombit.net/faq.html#is-this-thing-safe-to-use . If we think Botan is doing something wrong (which I'm not yet convinced of), we really should discuss it with Jack Lloyd (upstream author). I did not look at the other modules or how they integrate. But I do think this list of commands is bad. "helps gather entropy" when that entropy is bad is not helping compared to adding none. I don't know if this is a problem on fedora, or whether this ever gets executed on fedora. I just investigated a report on opendnssec from a user on an unspecified system that called vmstat. I use opendnssec to generate DNSSEC keys, so personally I'd rather see this module not used. Unfortunately you did not explain - why you think output from these commands is not suitable for gathering entropy - why calling vmstat is a problem Really, if you are good in cryptography, please discuss this with Jack Lloyd, because as far as I know, he is. As I am not, and only packaging the library, I will not - without reading something that at least looks convincing to me - disable entropy gathering modules, based on someone thinking "this list of commands is bad" missing further explanation, sorry. |
Botan-1.10.5/src/entropy/unix_procs/unix_src.cpp /** * Default Commands for Entropy Gathering */ std::vector<Unix_Program> Unix_EntropySource::get_default_sources() { std::vector<Unix_Program> srcs; srcs.push_back(Unix_Program("netstat -in", 1)); srcs.push_back(Unix_Program("pfstat", 1)); srcs.push_back(Unix_Program("vmstat -s", 1)); srcs.push_back(Unix_Program("vmstat", 1)); srcs.push_back(Unix_Program("arp -a -n", 2)); srcs.push_back(Unix_Program("ifconfig -a", 2)); srcs.push_back(Unix_Program("iostat", 2)); srcs.push_back(Unix_Program("ipcs -a", 2)); srcs.push_back(Unix_Program("mpstat", 2)); srcs.push_back(Unix_Program("netstat -an", 2)); srcs.push_back(Unix_Program("netstat -s", 2)); srcs.push_back(Unix_Program("nfsstat", 2)); srcs.push_back(Unix_Program("portstat", 2)); srcs.push_back(Unix_Program("procinfo -a", 2)); srcs.push_back(Unix_Program("pstat -T", 2)); srcs.push_back(Unix_Program("pstat -s", 2)); srcs.push_back(Unix_Program("uname -a", 2)); srcs.push_back(Unix_Program("uptime", 2)); srcs.push_back(Unix_Program("listarea", 3)); srcs.push_back(Unix_Program("listdev", 3)); srcs.push_back(Unix_Program("ps -A", 3)); srcs.push_back(Unix_Program("sysinfo", 3)); srcs.push_back(Unix_Program("finger", 4)); srcs.push_back(Unix_Program("mailstats", 4)); srcs.push_back(Unix_Program("rpcinfo -p localhost", 4)); srcs.push_back(Unix_Program("who", 4)); srcs.push_back(Unix_Program("df -l", 4)); srcs.push_back(Unix_Program("dmesg", 4)); srcs.push_back(Unix_Program("last -5", 4)); srcs.push_back(Unix_Program("ls -alni /proc", 4)); srcs.push_back(Unix_Program("ls -alni /tmp", 4)); srcs.push_back(Unix_Program("pstat -f", 4)); srcs.push_back(Unix_Program("ps -elf", 5)); srcs.push_back(Unix_Program("ps aux", 5)); srcs.push_back(Unix_Program("lsof -n", 6)); srcs.push_back(Unix_Program("sar -A", 6)); This is a really epic list of binaries that provide quite some questionable entropy (seriously, filenames in /tmp ????) This was noticed when opendnssec, which uses botan, called vmstat. These binaries are not in the Requires: either, possibly degrading the randomness even further. Please fix the requires, and perhaps suggest to upstream to come up with something more along the lines of FIPS 140-2 methods of getting randomness/entropy.