Bernd Schubert <[EMAIL PROTECTED]> writes:
> On Saturday 22 April 2006 18:58, Russ Allbery wrote:

>> It would surprise me if this helped at all, since if your understanding
>> of what's happening is correct, the hang is from trying to read
>> entropy, not just opening the device.

> Well, I would call read() 'subsequent operation', see man 2 open

>        O_NONBLOCK or O_NDELAY
> When possible, the file is opened in non-blocking mode. Neither the
> open() nor any subsequent operations on the file descriptor which is
> returned will cause the calling process to wait.  For the handling of
> FIFOs (named pipes), see also fifo(4).  This mode need not have any
> effect on files other than FIFOs.

> My unix programmers book from W. Richard Stevens also clearly states the
> non-blocking open mode is (also) for read and write
> operations. Furthermore, after installing the recompiled packages and
> rebooting my system several times, I can confirm that the patch works.

Ah, okay, thank you for the information.  I didn't realize that that flag
did the equivalent of setting the file descriptor non-blocking; I thought
it only affected the open itself.  That's a good thing to learn.

That being said, I don't think this is really the best fix.  I'm not at
all confident in the security implications of allowing kadmind to proceed
with insufficient entropy.  Instead, it seems to me that the correct fix
would be for kadmind to background itself before going looking for
entropy rather than afterwards.  That kadmind waits for good entropy
before answering requests isn't actually a bug; the real bug is that it
blocks the system boot process while doing so.

I don't have time just at the moment to check whether this change is easy
to make or to work on a patch.  If you have a moment to do that, it would
be greatly appreciated.  Otherwise, I'll try to take a look at this as
soon as I have some more free time.

-- 
Russ Allbery ([EMAIL PROTECTED])               <http://www.eyrie.org/~eagle/>
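
The two approaches discussed in this message, side by side, as an added example that is not part of the original thread and is not kadmind's code. A pipe stands in for the blocking entropy device (constructed input), and the function names and `SEED_LEN` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

#define SEED_LEN 16  /* hypothetical seed size */

/* Patch behaviour: never wait. Returns bytes obtained; 0 means "no entropy yet". */
ssize_t seed_nonblocking(int fd, unsigned char *buf, size_t len)
{
    int fl = fcntl(fd, F_GETFL);
    if (fl < 0 || fcntl(fd, F_SETFL, fl | O_NONBLOCK) < 0)
        return -1;
    ssize_t n = read(fd, buf, len);
    if (n < 0 && errno == EAGAIN) return 0;  /* caller must not treat buf as seeded */
    return n;
}

/* Blocking read of exactly len bytes, retrying on EINTR and short reads. */
int seed_blocking(int fd, unsigned char *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Proposed ordering: fork first, so only the child waits for entropy. */
pid_t background_then_seed(int fd)
{
    pid_t pid = fork();
    if (pid != 0)
        return pid;            /* parent continues at once (-1 on fork error) */
    unsigned char seed[SEED_LEN];
    _exit(seed_blocking(fd, seed, sizeof seed) == 0 ? 0 : 1);
}

int main(void)
{
    int p[2], st = 0;
    if (pipe(p) != 0) return 1;
    pid_t pid = background_then_seed(p[0]);
    if (pid < 0 || write(p[1], "0123456789abcdef", SEED_LEN) != SEED_LEN) return 1;
    return !(waitpid(pid, &st, 0) == pid && WIFEXITED(st) && WEXITSTATUS(st) == 0);
}
```

With the non-blocking variant, a return of 0 or a short count is the case where the daemon would start without a full seed; the fork-first variant keeps the wait but moves it out of the boot path.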

