Bugtraq mailing list archives
[patch] fix for urandom read(2) not interruptible
From: andrea () E-MIND COM (Andrea Arcangeli)
Date: Sun, 27 Dec 1998 20:40:32 +0100
After having read phrak54 about Linux /dev/u?random (and this is the reason I am CCing also to bugtraq ;), I was playing a bit with the random driver it and I noticed that was difficult to kill `dd if=/dev/urandom of=/dev/null bs=100000k count=20000' once started ;)). The machine was eavily loaded and the process was unkillable and I the fastest thing to restore the system is been a reset... It's a bug in random.c that doesn' t check for signal pending inside the read(2) code, so you have no chance to kill the process via signals until the read(2) syscall is finished, and it could take a lot of time before return, if the buffer given to the read syscall is very big... Here the fix against 2.1.132: Index: linux/drivers/char/random.c diff -u linux/drivers/char/random.c:1.1.1.1 linux/drivers/char/random.c:1.1.1.1.2.3 --- linux/drivers/char/random.c:1.1.1.1 Fri Nov 20 00:02:25 1998 +++ linux/drivers/char/random.c Sun Dec 27 20:19:16 1998 @@ -232,6 +232,11 @@ * Eastlake, Steve Crocker, and Jeff Schiller. */ +/* + * Added a check for signal pending in the extract_entropy() loop to allow + * the read(2) syscall to be interrupted. Copyright (C) 1998 Andrea Arcangeli + */ + #include <linux/utsname.h> #include <linux/config.h> #include <linux/kernel.h> @@ -1269,7 +1274,14 @@ buf += i; add_timer_randomness(r, &extract_timer_state, nbytes); if (to_user && current->need_resched) + { + if (signal_pending(current)) + { + ret = -EINTR; + break; + } schedule(); + } } /* Wipe data just returned from memory */ And here a fix against 2.0.36: --- linux/drivers/char/random.c.orig Sun Dec 27 20:22:53 1998 +++ linux/drivers/char/random.c Sun Dec 27 20:24:17 1998 @@ -226,6 +226,11 @@ * Eastlake, Steve Crocker, and Jeff Schiller. */ +/* + * Added a check for signal pending in the extract_entropy() loop to allow + * the read(2) syscall to be interrupted. Copyright (C) 1998 Andrea Arcangeli + */ + #include <linux/config.h> /* CONFIG_RST_COOKIES and CONFIG_SYN_COOKIES */ #include <linux/utsname.h> #include <linux/kernel.h> @@ -1004,7 +1009,14 @@ buf += i; add_timer_randomness(r, &extract_timer_state, nbytes); if (to_user && need_resched) + { + if (signal_pending(current)) + { + ret = -EINTR; + break; + } schedule(); + } } /* Wipe data from memory */ Andrea Arcangeli
Current thread:
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Ulf Munkedal (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service David Schwartz (Dec 23)
- The grand-son of Cuartango Hole aleph1 () UNDERGROUND ORG (Dec 23)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Guido van Rooij (Dec 24)
- lame old finger bounce bug still exists in sparc 2.7 spoon (Dec 26)
- Breeze Network Server remote reboot and other bogosity. //Stany (Dec 26)
- [patch] fix for urandom read(2) not interruptible Andrea Arcangeli (Dec 27)
- Re: CERT Advisory CA-98.13 - TCP/IP Denial of Service Jeff Roberson (Dec 28)
- Oracle8 TNSLSNR DoS Jason Ackley (Dec 28)
- ssh2 security problem (and patch) (fwd) Darren Reed (Dec 29)
- Comparison of THC-SCAN v2.0 with Sandstorm PhoneSweep 1.02 Simson L. Garfinkel (Dec 29)
- Local/remote exploit for SCO UNIX. leshka (Dec 29)
- followup on yahoo pager security problem Neulinger, Nathan R. (Dec 29)
- Nmap 2.02 released (fwd) Chris Tobkin (Dec 29)
- netscan.org - broadcast ICMP list Troy Davis (Dec 29)
- Administrivia Aleph One (Dec 30)