/dev/random vs. /dev/urandom and the krb5 test suite
Tom Yu
tlyu at MIT.EDU
Thu Jun 18 15:21:09 EDT 2009
Simo Sorce <ssorce at redhat.com> writes:
> On Thu, 2009-06-18 at 14:45 -0400, Sam Hartman wrote:
>> >>>>> "Simo" == Simo Sorce <ssorce at redhat.com> writes:
>> Simo> Wouldn't it make more sense to have an environment variable
>> Simo> used only during tests ?
>>
>> I'm much more comfortable with the implications of introducing a
>> config file option than environment variables. Environment variables
>> tend to get set by things like telnet, ssh, etc and have a checkered
>> security history.
>
> Sorry I thought this applied only to krb5kdc/kadmind, not to
> libraries/user tools.
> Your concerns make sense to me, although, if your environment is poisoned
> I think you have more pressing problems to care about :)
I'm leaning toward checking an environment variable inside these two
programs.
* Environment variables tend to have a checkered security history,
like Sam says.
* Checking an environment variable is far easier to implement.
* If we implement by checking an environment variable in these two
programs to determine whether to read strong random numbers, it
localizes the risk to an administrator running the command while
having a specific environment variable set. IMHO, administrators
should take care to keep their environment clean, especially while
performing security-critical operations.
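As an added illustration of the opt-in described above (example code written for this page, not krb5 project code), the following C program selects the random device from an environment variable and otherwise reads the strong device. The thread names no variable, so the name KRB5_TEST_WEAK_RANDOM and the requirement that it be set to exactly "1" are assumptions of this example; an unset, empty, or unexpected value keeps the /dev/random default, so an inherited or stray variable cannot quietly downgrade a production run.

```c
/* Added example: choose /dev/random or /dev/urandom for a test run via an
 * environment variable. Not krb5 code; the variable name and the accepted
 * value "1" are assumptions for this illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

#define STRONG_DEVICE "/dev/random"
#define WEAK_DEVICE   "/dev/urandom"

/* Decide which device to read. Only the exact value "1" opts into the
 * non-blocking device; unset, empty, or any other value keeps the strong
 * default, so the opt-in has to be deliberate. */
const char *random_device_path(const char *env_value)
{
    if (env_value != NULL && strcmp(env_value, "1") == 0)
        return WEAK_DEVICE;
    return STRONG_DEVICE;
}

/* Wrapper that consults the process environment (assumed variable name). */
const char *random_device_from_env(void)
{
    return random_device_path(getenv("KRB5_TEST_WEAK_RANDOM"));
}

/* Read exactly len bytes from the device. Returns 0 on success, -1 on
 * failure. Loops on short reads, which are legal for /dev/random. */
int read_random_bytes(const char *path, unsigned char *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            close(fd);
            return -1;
        }
        if (n == 0)
            break;
        got += (size_t)n;
    }
    close(fd);
    return got == len ? 0 : -1;
}

int main(void)
{
    const char *path = random_device_from_env();
    unsigned char key[16];

    /* Log the choice so a test run that used the weak device is visible. */
    fprintf(stderr, "reading random bytes from %s\n", path);
    if (read_random_bytes(path, key, sizeof key) != 0) {
        perror("read_random_bytes");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

Run with `KRB5_TEST_WEAK_RANDOM=1 ./a.out` for a test harness; without the variable the program reads /dev/random and may block on a freshly booted or entropy-starved system, which is the behaviour the thread is trying to avoid only inside the test suite.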