Bug 1285779 - Do not access /dev/random in the selftest and use /dev/urandom instead of /dev/random if unavailable
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libgcrypt
Priority: low
Severity: low
Assigned To: Tomas Mraz
BaseOS QE Security Team
Reported: 2015-11-26 07:39 EST by Stanislav Zidek
Modified: 2016-05-25 12:25 EDT
Doc Type: Bug Fix
Clone Of: 1205217
Last Closed: 2016-05-25 12:25:53 EDT
Type: Bug
Description Stanislav Zidek 2015-11-26 07:39:36 EST
+++ This bug was initially created as a clone of Bug #1205217 +++

Same problem present in RHEL-6 (libgcrypt-1.4.5-11.el6_4).

SELinux blocks many confined domains from accessing /dev/random, which is correct, as pulling from it drains system entropy. libgcrypt should not try to access it, and it should also gracefully fall back to /dev/urandom instead of aborting.
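
A minimal sketch of the fallback behaviour requested above, as an added example (not libgcrypt's code and not part of the bug report): try an ordered list of random devices and skip any that cannot be opened, rather than aborting. The function names are hypothetical, and the constructed path `/nonexistent/random` stands in for a device the policy denies.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: open the first usable device in paths[0..n-1].
 * A device that cannot be opened (EACCES from SELinux, ENOENT, ...) is
 * skipped instead of being fatal. Returns an fd, or -1 if none opened;
 * *used (if non-NULL) receives the index of the device that worked. */
int open_random_source(const char *const *paths, size_t n, size_t *used)
{
    for (size_t i = 0; i < n; i++) {
        int fd;
        do {
            fd = open(paths[i], O_RDONLY);
        } while (fd < 0 && errno == EINTR);
        if (fd >= 0) {
            if (used) *used = i;
            return fd;
        }
        fprintf(stderr, "rng: skipping %s (errno %d)\n", paths[i], errno);
    }
    return -1;
}

/* Hypothetical helper: fill buf with len bytes from fd, retrying on EINTR
 * and on short reads. Returns 0 on success, -1 on error or EOF. */
int read_random(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, buf + got, len - got);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        got += (size_t)r;
    }
    return 0;
}

int main(void)
{
    /* Constructed list: the first entry simulates an inaccessible device. */
    const char *const sources[] = { "/nonexistent/random", "/dev/urandom" };
    unsigned char key[16];
    size_t used = 0;
    int fd = open_random_source(sources, 2, &used);
    if (fd < 0 || read_random(fd, key, sizeof key) != 0) return 1;
    printf("read %zu bytes from %s\n", sizeof key, sources[used]);
    close(fd);
    return 0;
}
```
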
Comment 1 Tomas Mraz 2015-11-26 07:58:14 EST
The situation is different on RHEL-6, as the selftest is not run in the library constructor there. So although the problem is still there, it is less pronounced, and we do not have any customer case attached for RHEL-6.
Comment 2 Stanislav Zidek 2015-11-26 12:24:23 EST
Thanks for noting, Tomas. Taking it into consideration, I am further lowering the priority and severity.
Comment 4 RHEL Product and Program Management 2016-05-25 12:25:53 EDT
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.