Brandeburg, Jesse wrote:
quoted text
> we've been hearing rumblings of big customers wanting (maybe requiring)
> wired network drivers from Intel to  advertise this flag.  Jeff have you
> heard of such?

I do indeed hear requests all the time, from people who want to make 
their boxes externally exploitable.  :)


quoted text
> I think the argument is that a headless system (no keyboard/mouse, no
> soundcard, probably no video) with a libata based driver and a network
> driver without IRQF_SAMPLE_RANDOM has *no* sources of entropy.  In this
> case the argument is very strong for at least *some* source of entropy
> from interrupts so that randomness can get some external input.  Just
> try rebuilding a kernel RPM over an ssh session and you'll see what I
> mean.

There are entropy sources on a headless box, even one without audio and 
video, that are more secure than adding IRQF_SAMPLE_RANDOM to network 
drivers.

EGD demonstrates this, for example:  http://egd.sourceforge.net/  It 
looks at snmp, w, last, uptime, iostats, vmstats, etc.

And there are plenty of untapped entropy sources even so, such as 
reading temperature sensors, fan speed sensors on variable-speed fans, etc.

Heck, "smartctl -d ata -a /dev/FOO" produces output that could be hashed 
and added as entropy.

I'm interested to hear peoples' opinion of Chris P's patch, but 
definitely do not want to go in the other direction and start adding 
IRQF_SAMPLE_RANDOM, thus moving randomness in the direction of being 
externally exploitable.

	Jeff



--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/