From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems Date: Thu, 31 Dec 2015 19:24:52 +0200 Message-ID: <83bn96bkez.fsf@gnu.org> References: <83lh8ddy45.fsf@gnu.org> <8760zh81oo.fsf@isaac.fritz.box> <83mvssc4ix.fsf@gnu.org> <1451581478.15612.5.camel@gmail.com> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1451582730 13035 80.91.229.3 (31 Dec 2015 17:25:30 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 31 Dec 2015 17:25:30 +0000 (UTC) Cc: rcopley@gmail.com, 22202@debbugs.gnu.org, deng@randomsample.de To: Demetrios Obenour Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Dec 31 18:25:12 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aEgyN-0008EW-Um for geb-bug-gnu-emacs@m.gmane.org; Thu, 31 Dec 2015 18:25:12 +0100 Original-Received: from localhost ([::1]:56376 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aEgyN-0007Hp-BQ for geb-bug-gnu-emacs@m.gmane.org; Thu, 31 Dec 2015 12:25:11 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:38528) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aEgyI-0007FY-S4 for bug-gnu-emacs@gnu.org; Thu, 31 Dec 2015 12:25:07 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aEgyE-00058H-3q for bug-gnu-emacs@gnu.org; Thu, 31 Dec 2015 12:25:06 -0500 Original-Received: from debbugs.gnu.org ([208.118.235.43]:44306) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aEgyE-00057y-0H for bug-gnu-emacs@gnu.org; Thu, 31 Dec 2015 12:25:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84) (envelope-from ) id 1aEgyD-0004qe-SX for bug-gnu-emacs@gnu.org; Thu, 31 Dec 2015 12:25:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 31 Dec 2015 17:25:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22202 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 22202-submit@debbugs.gnu.org id=B22202.145158266418582 (code B ref 22202); Thu, 31 Dec 2015 17:25:01 +0000 Original-Received: (at 22202) by debbugs.gnu.org; 31 Dec 2015 17:24:24 +0000 Original-Received: from localhost ([127.0.0.1]:51908 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aEgxc-0004pe-0c for submit@debbugs.gnu.org; Thu, 31 Dec 2015 12:24:24 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:47378) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aEgxa-0004pS-Iu for 22202@debbugs.gnu.org; Thu, 31 Dec 2015 12:24:23 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aEgxQ-0004kf-UU for 22202@debbugs.gnu.org; Thu, 31 Dec 2015 12:24:17 -0500 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:32851) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aEgxQ-0004kb-RS; Thu, 31 Dec 2015 12:24:12 -0500 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:2356 helo=HOME-C4E4A596F7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1aEgxP-0008Oy-Vv; Thu, 31 Dec 2015 12:24:12 -0500 In-reply-to: <1451581478.15612.5.camel@gmail.com> (message from Demetrios Obenour on Thu, 31 Dec 2015 12:04:38 -0500) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:111067 Archived-At: > From: Demetrios Obenour > Cc: David Engster , 22202@debbugs.gnu.org > Date: Thu, 31 Dec 2015 12:04:38 -0500 > > The server secret should be entirely obtained from CryptGenRandom (or > the function RtlGenRandom on which it is based). The server secret is > a cryptographic key and should be generated as such. Using the same > entropy to seed an insecure PRNG and the server secret is a bad idea -- > the server secret could be guessed based on PRNG output. I don't understand what you are saying. server.el doesn't use the secret, it simply invokes the 'random' function several time to generate the authentication key. The secret is used to seed the PRNG during Emacs startup, and it is used only once. Given this description, how can the secret be guessed, and what are the implications of that guess (if indeed it's possible) on the ability of an attacker to control Emacs via the client socket? > It would also be nice to expose a CSPRNG to Lisp on all platforms. I > know that SLIME could use it on Windows, and it would be nice if one > could have a just-do-it API for this purpose. Speed does not matter > much here. Patches are welcome, but they should include the same feature for Posix hosts, probably using /dev/random.