From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Fri, 15 Jan 2016 11:55:11 +0200
Message-ID: <83r3hjf9q8.fsf@gnu.org>
To: Richard Copley
Cc: demetriobenour@gmail.com, deng@randomsample.de, 22202-done@debbugs.gnu.org

> From: Richard Copley
> Date: Thu, 31 Dec 2015 19:49:42 +0000
> Cc: Demetrios Obenour, David Engster, 22202@debbugs.gnu.org
>
> >> That last patch would still improve matters. The user would have
> >> to be publishing the output of their PRNG to begin with in order
> >> for the attacker to analyse it and guess the seed. (I don't know
> >> how one could do that but that's no proof that it's impossible.)
> >
> >I don't even understand how that could be possible.
>
> Me either, but that doesn't make it impossible. (There are articles
> on the web demonstrating such feats, if you're interested.)
>
> >> What Demetri has just described is what I would do.
> >
> >Now I'm confused: do what?
>
> As I understand it: Provide a function callable from lisp that returns
> a cryptographically secure sequence of random bytes, of a specified
> length. Use that function to generate the server secret.

That'd be an enhancement, not a bug. Patches to provide such an API
are welcome, now that the infrastructure exists both on Posix hosts
and on MS-Windows (see below), the rest should be easy: one just needs
to follow the established APIs in other Lisp-like environments, I
think.

> >We still need to support 'random' with an
> >argument, so we cannot get rid of seeding a PRNG with a known value.
> >And I didn't want to remove srandom.
>
> Given the above, we could leave "random", etc., as they are, or we
> could use a better PRNG and/or seed with system entropy. It would
> no longer be tied up with this issue report.

I preferred to make it possible to pass a cryptographically secure
byte stream to 'srandom' instead. See commit 3ffe81e on the emacs-25
branch. This leaves the basic 'random' functionality intact, so no
Lisp packages should be affected.

I'm therefore marking this bug as done.

Thanks for the feedback.
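
The distinction this thread turns on, as an added example (not Emacs source and not the code from commit 3ffe81e): a secret built from a PRNG seeded with a known value is reproducible, while one drawn from the OS entropy source is not. `KEY_LEN`, the printable alphabet, the function names, and the use of `srand`/`rand` and `/dev/urandom` as stand-ins are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define KEY_LEN 64   /* assumed key length, for illustration only */

/* Weak: every character comes from a PRNG seeded with a guessable value,
   so anyone who learns or guesses the seed reproduces the whole key. */
void key_from_seeded_prng(unsigned seed, char out[KEY_LEN + 1])
{
    srand(seed);
    for (int i = 0; i < KEY_LEN; i++)
        out[i] = (char)('!' + rand() % 94);        /* printable '!'..'~' */
    out[KEY_LEN] = '\0';
}

/* Better: take the bytes from the OS CSPRNG (/dev/urandom on POSIX hosts).
   Returns 0 on success, -1 if the entropy source cannot be read. */
int key_from_os_entropy(char out[KEY_LEN + 1])
{
    FILE *f = fopen("/dev/urandom", "rb");
    int n = 0;
    if (!f)
        return -1;
    while (n < KEY_LEN) {
        int c = fgetc(f);
        if (c == EOF) { fclose(f); return -1; }
        if (c < 188)               /* 188 = 2 * 94: reject to avoid modulo bias */
            out[n++] = (char)('!' + c % 94);
    }
    out[KEY_LEN] = '\0';
    fclose(f);
    return 0;
}

/* 1 if the same seed yields the same key twice. */
int seeded_key_repeats(unsigned seed)
{
    char a[KEY_LEN + 1], b[KEY_LEN + 1];
    key_from_seeded_prng(seed, a);
    key_from_seeded_prng(seed, b);
    return strcmp(a, b) == 0;
}

/* 1 if two OS-entropy keys differ, -1 if the source is unavailable. */
int os_keys_differ(void)
{
    char a[KEY_LEN + 1], b[KEY_LEN + 1];
    if (key_from_os_entropy(a) != 0 || key_from_os_entropy(b) != 0)
        return -1;
    return strcmp(a, b) != 0;
}
```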