|
| From: | Paul Eggert |
| Subject: | bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems |
| Date: | Mon, 18 Jan 2016 21:34:12 -0800 |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 |
Eli Zaretskii wrote:
We all silently fix blunders and other trivial problems; this wasn't one of them.
I thought it a trivial matter; evidently I was mistaken. My apologies.
AFAICS, we close the file descriptor as soon as we finished reading. So unless GnuTLS initialization is run in another thread, there won't be 2 descriptors at the same time.
GnuTLS keeps /dev/urandom open indefinitely. If Emacs opens /dev/urandom independently it can have two file descriptors open to the same file. Yes, it's not a huge deal performance-wise; but it is strange, and when doing security audits it will be one more thing to explain.
But where we need to seed our own PRNG, we better had a good idea of what we do and what kind of randomness we get.
Any worries we might have about GnuTLS's randomness apply with equal force to /dev/urandom's. After all, /dev/urandom is not guaranteed to be random.
Really, though, if we can't trust GnuTLS to give us random data, we should not trust it for communications security at all. Nonces are that basic.
So what is special about GnuTLS?
GnuTLS already has the random data we need; other libraries don't.I installed the documentation patch, since it does seem a minor improvement. Yes, the doc could have been improved ages ago, but late is better than never.
| [Prev in Thread] | Current Thread | [Next in Thread] |