On Wed, 2011-09-07 at 15:30 -0400, Jarod Wilson wrote:
> Sasha Levin wrote:
> > On Wed, 2011-09-07 at 14:26 -0400, Jarod Wilson wrote:
> >> Sasha Levin wrote:
> >> [..] And anything done in
> >> userspace is going to be full of possible holes [..]
> >
> > Such as? Is there an example of a case which can't be handled in
> > userspace?
> 
> How do you mandate preventing reads from urandom when there isn't 
> sufficient entropy? You likely wind up needing to restrict access to the 
> actual urandom via permissions and selinux policy or similar, and then 
> run a daemon or something that provides a pseudo-urandom that brokers 
> access to the real urandom. Get the permissions or policy wrong, and 
> havoc ensues. An issue with the initscript or udev rule to hide the real 
> urandom, and things can fall down. It's a whole lot more fragile than 
> this approach, and a lot more involved in setting it up.

Replace /dev/urandom with a simple CUSE driver, redirect reads to the
real urandom after applying your threshold.

-- 

Sasha.
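To make the gating logic concrete: the following is an added example, not code from either poster or from the kernel, sketching the decision a userspace broker of the kind discussed above (a CUSE device standing in for /dev/urandom) would make on each read. It reads the pool estimate from /proc/sys/kernel/random/entropy_avail, and only hands the read through to the real /dev/urandom when the estimate meets a caller-chosen threshold; the threshold value, the EAGAIN return, and the function names are assumptions, and the libfuse/CUSE plumbing that would wrap brokered_read() as a device read handler is left out.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed paths; both exist on Linux but may be absent in a sandbox. */
#define ENTROPY_AVAIL_PATH "/proc/sys/kernel/random/entropy_avail"
#define URANDOM_PATH       "/dev/urandom"

/* Parse the procfs text ("3210\n") into a bit count; -1 on malformed input. */
long parse_entropy_avail(const char *text)
{
    char *end;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (end == text || errno != 0 || v < 0)
        return -1;
    while (*end == ' ' || *end == '\n')   /* tolerate trailing whitespace only */
        end++;
    if (*end != '\0')
        return -1;
    return v;
}

/* The policy: a read may be served only when the pool estimate is known
 * (non-negative) and at least threshold_bits. */
int read_permitted(long entropy_bits, long threshold_bits)
{
    return entropy_bits >= 0 && entropy_bits >= threshold_bits;
}

/* Read the live counter; -1 if the file is unavailable or unreadable. */
long current_entropy_avail(void)
{
    char buf[32];
    int fd = open(ENTROPY_AVAIL_PATH, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n <= 0)
        return -1;
    buf[n] = '\0';
    return parse_entropy_avail(buf);
}

/* The body a CUSE read handler would run: returns bytes copied from the
 * real urandom, -EAGAIN when the pool is below threshold, or -errno. */
ssize_t brokered_read(void *dst, size_t len, long threshold_bits)
{
    long avail = current_entropy_avail();
    if (!read_permitted(avail, threshold_bits))
        return -EAGAIN;

    int fd = open(URANDOM_PATH, O_RDONLY);
    if (fd < 0)
        return -errno;
    ssize_t n = read(fd, dst, len);
    int saved = errno;
    close(fd);
    return n < 0 ? -saved : n;
}

int main(void)
{
    unsigned char buf[16];
    long threshold = 128;   /* assumed threshold in bits, chosen for the demo */
    ssize_t n = brokered_read(buf, sizeof buf, threshold);
    if (n == -EAGAIN)
        printf("pool below %ld bits, read refused\n", threshold);
    else if (n < 0)
        printf("broker error: %s\n", strerror((int)-n));
    else
        printf("served %zd bytes from %s\n", n, URANDOM_PATH);
    return 0;
}
```

The policy is isolated in read_permitted() so it can be exercised without procfs; a real deployment would also have to decide how blocked readers behave (block, EAGAIN, or short read), which is exactly the fragility Jarod points at when the broker sits outside the kernel.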

--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html