Re: Is writing to /dev/random a security flaw (vserver project)

From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: Fri Oct 19 2001 - 19:26:45 EST


Jacques Gelinas wrote:
>Is this a security issue if an administrator of a vserver is allowed to write
>in /dev/random ?

If you're talking about write(2), it should be safe, since the entropy
count is not affected. If you're talking about doing an ioctl(2) on
/dev/random, this is risky (since root can modify the entropy counter),
but it looks like all those code paths are protected by a capability
check, so my guess is that you're probably ok on this, too.



This archive was generated by hypermail 2b29 : Tue Oct 23 2001 - 21:00:25 EST
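
The distinction drawn in the reply above, as an added example that is not part of the original message or of the kernel source: a C probe that writes a constructed sample to /dev/random as the calling user, reads the entropy estimate before and after with RNDGETENTCNT, and then attempts RNDADDTOENTCNT with a credit of 0 bits to see whether the capability check rejects it. The names `probe_random`, `classify` and `struct probe` are assumptions of this example; the ioctl constants come from `<linux/random.h>`.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/random.h>   /* RNDGETENTCNT, RNDADDTOENTCNT (Linux only) */

enum gate { GATE_ALLOWED, GATE_EPERM, GATE_OTHER };

struct probe {                   /* hypothetical type for this example */
    int ent_before, ent_after;   /* entropy estimate around the write(2) */
    long written;                /* bytes accepted by write(2), or -1 */
    enum gate credit;            /* outcome of the RNDADDTOENTCNT attempt */
};

/* Map an ioctl result to what it says about the capability check. */
enum gate classify(int rc, int err)
{
    if (rc == 0) return GATE_ALLOWED;              /* privileged caller */
    return err == EPERM ? GATE_EPERM : GATE_OTHER; /* EPERM: check refused us */
}

/* Returns 0 on success, -1 if /dev/random cannot be opened read-write. */
int probe_random(struct probe *p)
{
    static const char sample[] = "constructed, non-secret sample input";
    int zero = 0;   /* crediting 0 bits is a no-op even when it is allowed */
    int fd = open("/dev/random", O_RDWR);
    if (fd < 0) return -1;
    p->ent_before = p->ent_after = -1;
    ioctl(fd, RNDGETENTCNT, &p->ent_before);       /* unprivileged read */
    p->written = write(fd, sample, sizeof sample - 1); /* mixed in, not credited */
    ioctl(fd, RNDGETENTCNT, &p->ent_after);
    errno = 0;
    int rc = ioctl(fd, RNDADDTOENTCNT, &zero);     /* the counter-modifying path */
    p->credit = classify(rc, errno);
    close(fd);
    return 0;
}

int main(void)
{
    struct probe p;
    if (probe_random(&p) != 0) { perror("/dev/random"); return 1; }
    printf("estimate %d -> %d bits, write(2) accepted %ld bytes\n",
           p.ent_before, p.ent_after, p.written);
    printf("RNDADDTOENTCNT: %s\n", p.credit == GATE_EPERM ? "EPERM (gated)" :
           p.credit == GATE_ALLOWED ? "allowed (privileged caller)" : "other error");
    return 0;
}
```

The estimate can move between the two reads for reasons unrelated to the write (other readers, interrupt timing), so compare several runs rather than a single pair of values.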