/dev/random vs. /dev/urandom and the krb5 test suite

Tom Yu tlyu at MIT.EDU
Thu Jun 18 15:21:09 EDT 2009

Simo Sorce <ssorce at redhat.com> writes:

> On Thu, 2009-06-18 at 14:45 -0400, Sam Hartman wrote:
>> >>>>> "Simo" == Simo Sorce <ssorce at redhat.com> writes:
>>     Simo> Wouldn't it make more sense to have an environment variable
>>     Simo> used only during tests ?
>> I'm much more comfortable with the implications of introducing a
>> config file options than environment variables.  Environment variables
>> tend to get set by things like telnet, ssh, etc and have a checkered
>> security history.
> Sorry I thought this applied only to krb5kdc/kadmind, not to
> libraries/user tools.
> Your concerns make sense to me, although, if you environment is poisoned
> I think you have more pressing problems to care about :)

I'm leaning toward checking an environment variable inside these two

* Environment variables tend to have a checkered security history,
  like Sam says.

* Checking an environment variable is far easier to implement.

* If we implement by checking an environment variable in these two
  programs to determine whether to read strong random numbers, it
  localizes the risk to an administrator running the command while
  having a specific environment variable set.  IMHO, administrators
  should take care to keep their environment clean, especially while
  performing security-critical operations.

More information about the krbdev mailing list