Is writing to /dev/ramdom a security flaw (vserver project)

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: David Lang: "Re: MODULE_LICENSE and EXPORT_SYMBOL_GPL"
• Previous message: David S. Miller: "Re: Awfully slow /proc/net/tcp, netstat, in.identd in 2.4 (updated)"
• Next in thread: Christopher Friesen: "Re: Is writing to /dev/ramdom a security flaw (vserver project)"
• Reply: Christopher Friesen: "Re: Is writing to /dev/ramdom a security flaw (vserver project)"
• Reply: David Wagner: "Re: Is writing to /dev/ramdom a security flaw (vserver project)"

While looking at the kernel we found out that writing to /dev/random is
not controlled by any capability. We are providing a /dev/random in
the vservers with permission 644, so it can be used.

Is this a security issue if an administrator of a vserver is allowed to write
in /dev/random ?

Looking at the source, it seems that it just increase the entropy and should
not be an issue. I am no expert in randomness.

If this is an issue, then a capability must exist to limit that (CAP_SYS_ADMIN
I guess).

Thanks!

---------------------------------------------------------
Jacques Gelinas <jack@solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: David Lang: "Re: MODULE_LICENSE and EXPORT_SYMBOL_GPL"
• Previous message: David S. Miller: "Re: Awfully slow /proc/net/tcp, netstat, in.identd in 2.4 (updated)"
• Next in thread: Christopher Friesen: "Re: Is writing to /dev/ramdom a security flaw (vserver project)"
• Reply: Christopher Friesen: "Re: Is writing to /dev/ramdom a security flaw (vserver project)"
• Reply: David Wagner: "Re: Is writing to /dev/ramdom a security flaw (vserver project)"