Re: Is writing to /dev/ramdom a security flaw (vserver project)

Christopher Friesen (cfriesen@nortelnetworks.com)
Fri, 19 Oct 2001 17:38:07 -0400


Jacques Gelinas wrote:
>
> I have announced a project (see my signature) to run several virtual servers
> on a single box (single kernel as well). The vservers are real linux distribution
> running in a chroot/chbind/chcontext and capability limited environment.
>
> While looking at the kernel we found out that writing to /dev/random is
> not controlled by any capability. We are providing a /dev/random in
> the vservers with permission 644, so it can be used.
>
> Is this a security issue if an administrator of a vserver is allowed to write
> in /dev/random ?

My understanding is that anything written to /dev/random is stirred into the
pool without incrementing the entropy count. Thus, it shouldn't be an issue.

Chris

-- 
Chris Friesen                    | MailStop: 043/33/F10  
Nortel Networks                  | work: (613) 765-0557
3500 Carling Avenue              | fax:  (613) 765-2986
Nepean, ON K2H 8E9 Canada        | email: cfriesen@nortelnetworks.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/