Re: [PATCH] drivers/net: remove network drivers' last few uses ofIRQF_SAMPLE_RANDOM

From: Jeff Garzik
Date: Thu May 15 2008 - 14:04:26 EST


Brandeburg, Jesse wrote:
we've been hearing rumblings of big customers wanting (maybe requiring)
wired network drivers from Intel to advertise this flag. Jeff have you
heard of such?

I do indeed hear requests all the time, from people who want to make their boxes externally exploitable. :)


I think the argument is that a headless system (no keyboard/mouse, no
soundcard, probably no video) with a libata based driver and a network
driver without IRQF_SAMPLE_RANDOM has *no* sources of entropy. In this
case the argument is very strong for at least *some* source of entropy
from interrupts so that randomness can get some external input. Just
try rebuilding a kernel RPM over an ssh session and you'll see what I
mean.

There are entropy sources on a headless box, even one without audio and video, that are more secure than adding IRQF_SAMPLE_RANDOM to network drivers.

EGD demonstrates this, for example: http://egd.sourceforge.net/ It looks at snmp, w, last, uptime, iostats, vmstats, etc.

And there are plenty of untapped entropy sources even so, such as reading temperature sensors, fan speed sensors on variable-speed fans, etc.

Heck, "smartctl -d ata -a /dev/FOO" produces output that could be hashed and added as entropy.

I'm interested to hear peoples' opinion of Chris P's patch, but definitely do not want to go in the other direction and start adding IRQF_SAMPLE_RANDOM, thus moving randomness in the direction of being externally exploitable.

Jeff



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/