[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

arc4random and chroot [was Re: [Libevent-users] Fun facts about Libevent 2.0.4-alpha]



On Wed, Mar 3, 2010 at 6:08 PM, William Ahern
<william@xxxxxxxxxxxxxxxxxx> wrote:
> On Wed, Mar 03, 2010 at 04:38:59PM -0500, Nick Mathewson wrote:
>>
>> * Libevent now uses a secure PRNG for the entropy that evdns needs to
>> be secure.  This is arc4random() on platforms that provide it, and our
>> own copy of arc4random() on platforms that don't.  You no longer need
>> to replace the evdns transaction ID or random_bytes functions for
>> security.
>>
>
> I noticed that the compat version will expect to open a /dev randomness
> device to stir. But this looks like it will fail for daemons which chroot. A
> quick grep looks like arc4random_stir() isn't called anywhere (i.e. from a
> libevent init routine).
>
> Two possible solution:
>
> (1) call arc4random_stir() from something which it is reasonable to expect
> the application to call before chroot'ing.
>
> and/or
>
> (2) as Linux is probably by far the most common environment for libevent,
> first try to grab bytes from sysctl. here's the relevant snippet from my own
> portable arc4random implemention:

I'm not sure that the first approach is feasible; if you're using
libevent and chrooting, there really is no Libevent function that
you're guaranteed to call before a chroot.  I've decided to go with a
mixed approach based on your 2 and an additional 3.

(2') Try the Linux sysctl as well as the OpenBSD sysctl as well as
/dev/urandom on Unix boxen (where chroot matters).

(3) Tell people that if they need to chroot and they need to use
libevent in a way that requires a strong RNG, they need to initialize
the RNG before they chroot.  They can do this by calling
evutil_secure_rng_init() and checking that the return value is zero.

I've implemented both of these in a git branch called "arc4seed" at my
personal repository at git://github.com/nmathewson/Libevent.git .
Please have a look and let me know what you think?  I've only tried it
out on my Linux desktop; the BSD code (which uses the KERN_ARAND
syscall) might need some love, and I might even have broken the
windows stuff somehow.

yrs,
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.