On Wed, 9 Jan 2019, Theodore Y. Ts'o wrote: > On Wed, Jan 09, 2019 at 09:58:22AM +0100, Stefan Fritsch wrote: > > > > There have been a number of bug reports and blog posts about this, despite > > buster not being release yet. So it's not that uncommon. > > Pointers, please? Let's see them and investigate. The primary issue > I've been aware of to date has been on Fedora systems, and it's due to > some Red Hat specific changes that they made for FEDRAMP compliance > --- and Red Hat has dealt with those issues. > > If there are problems for people using Debian Testing, we should > investigate them and understand what is going on.
Some other people already have sent you a few pointers (thanks!). The reason why I am looking into this is that it affects apache2 (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914297 ). Apache does not call getrandom itself but libssl does, and it definitely needs secure randomness for diffie-hellman. So there is nothing that can or should be fixed in apache. More links are at the end of https://lists.debian.org/debian-devel/2018/12/msg00184.html Also, the thread on debian-kernel pointed to by Ben Hutchings is an interesting read, I had not noticed that before. > > No, that's utterly wrong. If it's a hassle to use good entropy, people > > will use gettimeofday() for getting "entropy" and they will use it for > > security relevant purposes. In this way, you would achieve exactly the > > opposite of what you want. > > If *users* do this, then if they end up releasing credit card numbers > or PII or violate their customers privacy which brings the EU's GDPR > enforcers down on then, it's on *their* heads. If *Debian* makes a > local Debian-specific change which causes these really bad outcomes, > then it's on *ours*. Since many users and developers will take the shortest path to a "working" service, we must make sure that the secure way just works. > > Any program that does secure network connections needs entropy for > > Diffie-Hellman. And even seeds for hash buckets can be security relevant. > > You really don't want that people need to distinguish between > > security-critical and stupid uses of entropy, because they WILL get it > > wrong. > > Sure, this is why developers need to investigate the bugs. You said > you provided links, but I couldn't find any in your e-mail messages or > earlier ones on this thread. Perhaps I missed them; in which case, my > apologies. Can you please send/resend those links? > > Can you please prioritize reports from people running Debian Unstable > or Debain Testing? As I said above, these issues tend to be very > distro specific, especially when distros are messing around with > crypto-related libraries in order to keep the US Government happy. As far as I can see, all reports are from unstable/testing only, because stable does not cause getrandom() to block (see https://lists.debian.org/debian-release/2018/05/msg00130.html ).
