/dev/random vs. /dev/urandom and the krb5 test suite

Simo Sorce ssorce at redhat.com
Thu Jun 18 15:57:12 EDT 2009


On Thu, 2009-06-18 at 12:33 -0700, Russ Allbery wrote:

> Given all the problems that MIT Kerberos has had with causing security
> bugs in other packages due to the handling of KRB5_CONFIG, I think this
> is a bad decision and a bad set of assumptions.  It's easier than it
> might look for a person's environment variables to leak.  It's rather
> plausible, for example, for someone to set such an environment variable
> for testing, forget about it, su and do an aptitude upgrade, and end up
> restarting inetd with that environment variable set, at which point it
> can then get inherited by other login sessions.

Russ, I think that if you set a test environment variable as root and on
a production KDC machine, and then go on to perform a maintenance task from
the same shell, then there is something very wrong in your procedures.

The env variable would probably be set just by scripts that run the
tests (it would not inherit as you don't set it in your shell) in any
normal case, and will avoid creating special krb5.conf files or
changing the system config file where the option may persist for a long
time across reboots and restarts.

Just my 2c,
Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
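
Added example, not part of the original message or of the krb5 sources: a shell sketch of the two sides of this exchange, setting a variable for a single test command only, and auditing running processes for one that was inherited. KRB5_CONFIG is the variable named in the thread; the function names and the /tmp path are assumptions, and the audit relies on the Linux /proc/PID/environ format.

```shell
#!/bin/sh
# KRB5_CONFIG is the variable named in the thread; this path is constructed.
TEST_CONF=/tmp/krb5-test.conf

# Run one command with the variable set for that child only.
# The calling shell's own environment is not modified, so nothing
# started later from this shell (su, a package upgrade, a daemon
# restart) can inherit it.
run_scoped() {
    env KRB5_CONFIG="$TEST_CONF" "$@"
}

# Succeed if variable $1 is set in the NUL-separated environ file $2
# (the format of /proc/PID/environ). The ^NAME= anchor keeps a longer
# name such as XKRB5_CONFIG from matching.
environ_has() {
    tr '\0' '\n' 2>/dev/null < "$2" | grep -q "^$1="
}

# Print the PID of every running process that carries variable $1.
# Only environ files readable by the caller are inspected, so run it
# as root to cover daemons such as inetd.
find_inherited() {
    for f in /proc/[0-9]*/environ; do
        [ -r "$f" ] || continue
        if environ_has "$1" "$f"; then
            pid=${f#/proc/}
            echo "${pid%/environ}"
        fi
    done
}

# Demo: the child sees the value, the parent shell does not.
run_scoped sh -c 'echo "child sees:  $KRB5_CONFIG"'
echo "parent sees: ${KRB5_CONFIG:-<unset>}"
echo "processes carrying KRB5_CONFIG:"
find_inherited KRB5_CONFIG
```

An empty list from find_inherited after a test run means no long-lived process picked the variable up from the shell that ran the tests.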



