Bug 1003051 - botan uses some pretty obsolete (and bad!) commands for gaining entropy
Summary: botan uses some pretty obsolete (and bad!) commands for gaining entropy
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: botan
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Thomas Moschny
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-30 15:45 UTC by Paul Wouters
Modified: 2013-08-30 18:15 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-08-30 18:15:00 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Paul Wouters 2013-08-30 15:45:16 UTC 
Botan-1.10.5/src/entropy/unix_procs/unix_src.cpp

/**
* Default Commands for Entropy Gathering
*/
std::vector<Unix_Program> Unix_EntropySource::get_default_sources()
   {
   std::vector<Unix_Program> srcs;

   srcs.push_back(Unix_Program("netstat -in",           1));
   srcs.push_back(Unix_Program("pfstat",                1));
   srcs.push_back(Unix_Program("vmstat -s",             1));
   srcs.push_back(Unix_Program("vmstat",                1));

   srcs.push_back(Unix_Program("arp -a -n",             2));
   srcs.push_back(Unix_Program("ifconfig -a",           2));
   srcs.push_back(Unix_Program("iostat",                2));
   srcs.push_back(Unix_Program("ipcs -a",               2));
   srcs.push_back(Unix_Program("mpstat",                2));
   srcs.push_back(Unix_Program("netstat -an",           2));
   srcs.push_back(Unix_Program("netstat -s",            2));
   srcs.push_back(Unix_Program("nfsstat",               2));
   srcs.push_back(Unix_Program("portstat",              2));
   srcs.push_back(Unix_Program("procinfo -a",           2));
   srcs.push_back(Unix_Program("pstat -T",              2));
   srcs.push_back(Unix_Program("pstat -s",              2));
   srcs.push_back(Unix_Program("uname -a",              2));
   srcs.push_back(Unix_Program("uptime",                2));

   srcs.push_back(Unix_Program("listarea",              3));
   srcs.push_back(Unix_Program("listdev",               3));
   srcs.push_back(Unix_Program("ps -A",                 3));
   srcs.push_back(Unix_Program("sysinfo",               3));

   srcs.push_back(Unix_Program("finger",                4));
   srcs.push_back(Unix_Program("mailstats",             4));
   srcs.push_back(Unix_Program("rpcinfo -p localhost",  4));
   srcs.push_back(Unix_Program("who",                   4));
   srcs.push_back(Unix_Program("df -l",                 4));
   srcs.push_back(Unix_Program("dmesg",                 4));
   srcs.push_back(Unix_Program("last -5",               4));
   srcs.push_back(Unix_Program("ls -alni /proc",        4));
   srcs.push_back(Unix_Program("ls -alni /tmp",         4));
   srcs.push_back(Unix_Program("pstat -f",              4));

   srcs.push_back(Unix_Program("ps -elf",               5));
   srcs.push_back(Unix_Program("ps aux",                5));

   srcs.push_back(Unix_Program("lsof -n",               6));
   srcs.push_back(Unix_Program("sar -A",                6));

This is a really epic list of binaries that provide quite some questionable entropy (seriously, filenames in /tmp ????)

This was noticed when opendnssec, which uses botan, called vmstat.

These binaries are not in the Requires: either, possibly degrading the randomness even further. Please fix the requires, and perhaps suggest to upstream to come up with something more along the lines of FIPS 140-2 methods of getting randomness/entropy.
Comment 1 Thomas Moschny 2013-08-30 17:23:23 UTC 
The unix_procs module is one of a bunch of modules helping in getting entropy, others which are enabled are hres_timer, proc_walk, egd, rdrand, and dev_random. Note that EntropySources are not to be used by themselves but only by Botan's Random Number Generators (see http://botan.randombit.net/rng.html).

So, we *could* disable the unix_procs module, but I don't see a good reason why we should. Can you explain why calling vmstat was a problem?

On the other hand, I also don't see a reason to list all these binaries as Requirements. If one is missing, it'll be skipped, that's it. If it is there, it helps gathering entropy.

Additionally I'd like to point you to http://botan.randombit.net/faq.html#is-this-thing-safe-to-use . If we think Botan is doing something wrong (which I'm not yet convinced of), we really should discuss it with Jack Lloyd (upstream author).
Comment 2 Paul Wouters 2013-08-30 17:58:23 UTC 
I did not look at the other modules or how they integrate. But I do think this list of commands is bad. "helps gather entropy" when that entropy is bad is not helping compared to adding none.

I don't know if this is a problem on fedora, or whether this ever gets executed on fedora. I just investigated a report on opendnssec from a user on an unspecified system that called vmstat. I use opendnssec to generate DNSSEC keys, so personally I'd rather see this module not used.
Comment 3 Thomas Moschny 2013-08-30 18:15:00 UTC 
Unfortunately you did not explain

- why you think output from these commands is not suitable for gathering entropy
- why calling vmstat is a problem

Really, if you are good in cryptography, please discuss this with Jack Lloyd, because as far as I know, he is.

As I am not, and only packaging the library, I will not - without reading something that at least looks convincing to me - disable entropy gathering modules, based on someone thinking "this list of commands is bad" missing  further explanation, sorry.
Note You need to log in before you can comment on or make changes to this bug.