From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Paul Eggert Newsgroups: gmane.emacs.bugs Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems Date: Mon, 18 Jan 2016 21:34:12 -0800 Organization: UCLA Computer Science Department Message-ID: <569DCAD4.30606@cs.ucla.edu> References: <569BF8F7.3090904@cs.ucla.edu> <83fuxuevs2.fsf@gnu.org> <569D5004.5080701@cs.ucla.edu> <83h9iad26y.fsf@gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1453181724 6855 80.91.229.3 (19 Jan 2016 05:35:24 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Tue, 19 Jan 2016 05:35:24 +0000 (UTC) Cc: rcopley@gmail.com, 22202@debbugs.gnu.org, deng@randomsample.de To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jan 19 06:35:12 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1aLOwh-0002uX-W6 for geb-bug-gnu-emacs@m.gmane.org; Tue, 19 Jan 2016 06:35:12 +0100 Original-Received: from localhost ([::1]:35137 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aLOwh-0000aO-3P for geb-bug-gnu-emacs@m.gmane.org; Tue, 19 Jan 2016 00:35:11 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:54595) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aLOwd-0000Zz-4i for bug-gnu-emacs@gnu.org; Tue, 19 Jan 2016 00:35:07 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1aLOwY-00085U-3A for bug-gnu-emacs@gnu.org; Tue, 19 Jan 2016 00:35:07 -0500 Original-Received: from debbugs.gnu.org ([208.118.235.43]:36855) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1aLOwY-00085I-08 for bug-gnu-emacs@gnu.org; Tue, 19 Jan 2016 00:35:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84) (envelope-from ) id 1aLOwX-0006Ts-Pa for bug-gnu-emacs@gnu.org; Tue, 19 Jan 2016 00:35:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 19 Jan 2016 05:35:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 22202 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: security Original-Received: via spool by 22202-submit@debbugs.gnu.org id=B22202.145318166124856 (code B ref 22202); Tue, 19 Jan 2016 05:35:01 +0000 Original-Received: (at 22202) by debbugs.gnu.org; 19 Jan 2016 05:34:21 +0000 Original-Received: from localhost ([127.0.0.1]:53308 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aLOvt-0006Sq-KZ for submit@debbugs.gnu.org; Tue, 19 Jan 2016 00:34:21 -0500 Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:54004) by debbugs.gnu.org with esmtp (Exim 4.84) (envelope-from ) id 1aLOvr-0006Sd-P7 for 22202@debbugs.gnu.org; Tue, 19 Jan 2016 00:34:20 -0500 Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id E36F5160E67; Mon, 18 Jan 2016 21:34:13 -0800 (PST) Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id Jw7KppiUVhAb; Mon, 18 Jan 2016 21:34:13 -0800 (PST) Original-Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 2FFDE160E6B; Mon, 18 Jan 2016 21:34:13 -0800 (PST) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id qxZemAbncf1F; Mon, 18 Jan 2016 21:34:13 -0800 (PST) Original-Received: from [192.168.1.9] (pool-100-32-155-148.lsanca.fios.verizon.net [100.32.155.148]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id F3746160E67; Mon, 18 Jan 2016 21:34:12 -0800 (PST) User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 In-Reply-To: <83h9iad26y.fsf@gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:111731 Archived-At: Eli Zaretskii wrote: > We all silently fix blunders and other trivial problems; this wasn't one of > them. I thought it a trivial matter; evidently I was mistaken. My apologies. > AFAICS, we close the file descriptor as soon as we finished reading. > So unless GnuTLS initialization is run in another thread, there won't > be 2 descriptors at the same time. GnuTLS keeps /dev/urandom open indefinitely. If Emacs opens /dev/urandom independently it can have two file descriptors open to the same file. Yes, it's not a huge deal performance-wise; but it is strange, and when doing security audits it will be one more thing to explain. > But where we need to seed our own PRNG, we better had a good idea of > what we do and what kind of randomness we get. Any worries we might have about GnuTLS's randomness apply with equal force to /dev/urandom's. After all, /dev/urandom is not guaranteed to be random. Really, though, if we can't trust GnuTLS to give us random data, we should not trust it for communications security at all. Nonces are that basic. > So what is special about GnuTLS? GnuTLS already has the random data we need; other libraries don't. I installed the documentation patch, since it does seem a minor improvement. Yes, the doc could have been improved ages ago, but late is better than never.