From: Eli Zaretskii <eliz@gnu.org>
To: Paul Eggert <eggert@cs.ucla.edu>
Cc: rcopley@gmail.com, 22202@debbugs.gnu.org, deng@randomsample.de
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Mon, 18 Jan 2016 17:45:33 +0200 [thread overview]
Message-ID: <83fuxuevs2.fsf@gnu.org> (raw)
In-Reply-To: <569BF8F7.3090904@cs.ucla.edu> (message from Paul Eggert on Sun, 17 Jan 2016 12:26:31 -0800)
> From: Paul Eggert <eggert@cs.ucla.edu>
> Cc: 22202@debbugs.gnu.org, Richard Copley <rcopley@gmail.com>,
> demetriobenour@gmail.com, deng@randomsample.de
> Date: Sun, 17 Jan 2016 12:26:31 -0800
>
> Eli, thanks for improving the initial seed for (random t) in Emacs. I noticed that with this change, my Emacs was opening /dev/urandom twice, because GnuTLS does something similar during startup. Also, it was reading more data from /dev/urandom than it needed, due to stdio buffering. So I installed the attached patch, which defers to GnuTLS and falls back on doing things by hand (without stdio) only if GnuTLS is not available or fails. I assume this approach works under MS-Windows; if not please let me know and I'll try to fix it.
I wish we'd discuss such things before committing and not after.
What's the rush? It's not like Emacs was broken or something. It
just isn't worth it.
More to to the point, the more I think about this, the less I like
this change. Here's why:
. I see nothing wrong with having 2 (or more) independent reads from
/dev/urandom:
. GnuTLS is a separate library, so it's free to do that for its
own purposes; we shouldn't care. Besides, what if tomorrow
there will be a 3rd library that would need to access
/dev/urandom?
. Reading from /dev/urandom never blocks, so doing this one more
time during startup should be a non-issue.
. Calling gnutls_rnd makes Emacs dependent on GnuTLS in ways that we
don't necessarily want: GnuTLS is a library for TLS, not for
cryptography. What that function does on each platform is not
documented anywhere in the GnuTLS manual that I could see; I
needed to read the sources to find out. What if tomorrow GnuTLS
changes its implementation? They are a separate project, they are
not under any obligation to tell us.
. This change means that we now load GnuTLS at startup, even if no
TLS connections are or will be used. Why should we unnecessarily
bloat our memory footprint, even in minor ways?
. It breaks the Windows build -- since GnuTLS is dynamically loaded
on Windows, any GnuTLS function must be called through macros set
up in gnutls.c, which sysdep.c knows nothing about. (This is
relatively simple to fix, but doing so requires adding yet more
ugly #ifdef's to an already not-so-pretty little mess.)
So I tend to just say NO here. Let's use the relatively simple code
we had before (with your I/O changes, I don't object to those, of
course), and leave GnuTLS to its own devices. WDYT?
> Would you mind if I removed the newly-added details about current time and process ID from the documentation? The idea is that this is internal implementation detail that users should not rely on.
I didn't really add anything: the fact that we used time and PID was
spelled out in the function's doc string for the last 20-odd years. I
just added that to the ELisp manual, to make it more consistent with
the doc string, and also because it's hard to tell that we are using
system entropy when available without saying anything about what we do
when it isn't. (And IMO we should mention the system entropy because
that's an important feature users should know about.)
Why is it suddenly a concern that users will know that we use time and
PID as fallback?
next prev parent reply other threads:[~2016-01-18 15:45 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-18 10:05 bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems Demetri Obenour
2015-12-18 10:46 ` Eli Zaretskii
2015-12-29 15:36 ` Richard Copley
2015-12-29 16:21 ` Eli Zaretskii
2015-12-29 17:44 ` Richard Copley
2015-12-29 20:00 ` David Engster
2015-12-29 21:22 ` Richard Copley
2015-12-29 22:02 ` David Engster
2015-12-29 23:13 ` Richard Copley
2015-12-30 15:58 ` Eli Zaretskii
2015-12-30 20:47 ` Richard Copley
2015-12-30 20:56 ` Richard Copley
2015-12-30 20:56 ` Eli Zaretskii
2015-12-30 21:15 ` Richard Copley
2015-12-31 14:14 ` Eli Zaretskii
2015-12-31 17:04 ` Demetrios Obenour
2015-12-31 17:24 ` Eli Zaretskii
2015-12-31 17:47 ` Richard Copley
2015-12-31 18:22 ` Eli Zaretskii
2015-12-31 19:20 ` Eli Zaretskii
2015-12-31 19:49 ` Richard Copley
2015-12-31 20:13 ` Eli Zaretskii
2015-12-31 20:44 ` Richard Copley
2016-01-15 9:55 ` Eli Zaretskii
2016-01-17 20:26 ` Paul Eggert
2016-01-18 1:42 ` Paul Eggert
2016-01-18 14:40 ` Richard Copley
2016-01-18 16:05 ` Eli Zaretskii
2016-01-18 16:20 ` Richard Copley
2016-01-18 15:45 ` Eli Zaretskii [this message]
2016-01-18 20:50 ` Paul Eggert
2016-01-18 21:09 ` Eli Zaretskii
2016-01-19 5:34 ` Paul Eggert
2016-01-19 16:24 ` Eli Zaretskii
2016-01-19 17:03 ` John Wiegley
2016-01-19 17:38 ` Paul Eggert
2016-01-19 18:44 ` Eli Zaretskii
2016-01-19 17:07 ` Paul Eggert
2016-01-19 18:16 ` Eli Zaretskii
2016-01-20 0:39 ` Paul Eggert
2016-01-18 12:04 ` Andy Moreton
2016-01-18 15:57 ` Eli Zaretskii
2016-01-18 23:03 ` John Wiegley
2016-01-19 21:48 ` Andy Moreton
2016-01-20 3:31 ` Glenn Morris
2016-01-20 14:06 ` Andy Moreton
2016-01-20 14:12 ` Eli Zaretskii
2016-01-20 15:15 ` Andy Moreton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83fuxuevs2.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=22202@debbugs.gnu.org \
--cc=deng@randomsample.de \
--cc=eggert@cs.ucla.edu \
--cc=rcopley@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).