LKML Archive on lore.kernel.org
From: "Theodore Ts'o" <tytso@mit.edu>
To: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: josh@joshtriplett.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 10/10] drivers/char: Support compiling out the getrandom(2) syscall
Date: Fri, 23 Jan 2015 14:46:10 -0500
Message-ID: <20150123194610.GD8709@thunk.org>
In-Reply-To: <87fec26efb0a0e4a8daab238ee39261dca2dc985.1422035184.git.tom.zanussi@linux.intel.com>

On Fri, Jan 23, 2015 at 12:37:16PM -0600, Tom Zanussi wrote:
> Many embedded systems have no use for getrandom, and could benefit
> from the size savings gained by omitting it.  Add a new EXPERT config
> option, CONFIG_GETRANDOM_SYSCALL (default y), to support compiling it
> out.

I'm really not sure this is a good idea.  Even the tiniest embedded
devices need secure crypto.  In fact, one could argue that in the case
of the Internet of Things, the tiniest embedded devices
**especially** need secure crypto.  It would be.... unfortunate.... if
the next time North Korea gets upset at the Great Satan, that all of
our light bulbs, refrigerators, cars, heating systems, etc., are
subject to attack.

We know already that home routers are running ancient kernels that are
absolutely no protection whatever.  Is saving a few bytes really worth
potentially opening up a similar attack vector on devices that will
probably be at least an order of magnitude or more numerous than home
routers, and even harder to upgrade once they get out there?

And if you don't have a good random number generator, you really are
*toast*.

It's for this reason that /dev/[u]random were not eligible for being
disabled from the very beginning; it's too much of an attractive
nuisance to a clueless product manager....

	     	  	    	    	 - Ted
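
An added example, not part of this message or of the patch under discussion: a userspace sketch of what an application has to do when getrandom(2) may be absent, failing closed instead of continuing without kernel randomness. It assumes a kernel built without the syscall answers with ENOSYS; `fill_random` and `try_getrandom` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Raw getrandom(2) call; returns bytes written, or -1 with errno set. */
static ssize_t try_getrandom(void *buf, size_t len)
{
#ifdef SYS_getrandom
    return syscall(SYS_getrandom, buf, len, 0);
#else
    (void)buf; (void)len;
    errno = ENOSYS;             /* headers predate the syscall */
    return -1;
#endif
}

/* Fill buf with len bytes from the kernel RNG. Returns 0 on success,
 * -1 on failure; on failure the caller must not use buf (fail closed). */
int fill_random(unsigned char *buf, size_t len)
{
    size_t off = 0;
    int fd = -1;                /* -1 while getrandom(2) is still in use */

    while (off < len) {
        ssize_t n;
        if (fd < 0) {
            n = try_getrandom(buf + off, len - off);
            if (n < 0 && errno == ENOSYS) {
                /* Assumption: syscall compiled out; use the device node. */
                fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
                if (fd < 0)
                    return -1;  /* no kernel RNG interface available */
                continue;
            }
        } else {
            n = read(fd, buf + off, len - off);
        }
        if (n < 0 && errno == EINTR)
            continue;           /* interrupted by a signal: retry */
        if (n <= 0) {           /* hard error or unexpected EOF */
            if (fd >= 0) close(fd);
            return -1;
        }
        off += (size_t)n;       /* short reads are legal; keep going */
    }
    if (fd >= 0) close(fd);
    return 0;
}
```
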
