[13733] in bugtraq
Re: Tempfile vulnerabilities
daemon@ATHENA.MIT.EDU (antirez)
Mon Feb 7 17:16:22 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <20000205121609.A149@nagash.suidshell.net>
Date: Sat, 5 Feb 2000 12:16:09 +0100
Reply-To: antirez@invece.org
From: antirez <antirez@INVECE.ORG>
X-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200002022136.OAA09251@cvs.openbsd.org>; from
deraadt@CVS.OPENBSD.ORG on Wed, Feb 02, 2000 at 02:36:20PM -0700
On Wed, Feb 02, 2000 at 02:36:20PM -0700, Theo de Raadt wrote:
> The terrible /tmp race handling aside...
>
> I suppose then that anyone who attacks a machine which relies on
> /dev/random -- a world readable device -- should do the following:
>
> cat /dev/random > /dev/null &
>
> Crypto software which uses those devices should be doing some kind of
> checking to make sure that they are getting at least good entropy. I
[snip]
Sure but there is another problem, while evil user exec 'cat /dev/random >
/dev/null &' maybe that the following results in an infinite loop:
while(there_are_enougt_entropy() == 0)
sleep(1);
/* race -- what if the evil user starts to deplate the entropy pool here? */
get_entropy_from_randomdev();
Can be so easy to DoS cryptographic software?
Of course all insecure cgi scripts or daemons may be used to pool from
/dev/random remotely. An example? the old TERM="../../../bla" problem.
antirez
