On Fri, 30 Aug 2002, Jonathan Amery wrote:
>Date: Fri, 30 Aug 2002 13:58:43 +0100
>From: Jonathan Amery <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], debian-x@lists.debian.org
>Subject: Re: a small C program to test xdm's /dev/mem reading on your
>architecture
>
In article <[EMAIL PROTECTED]> Branden writes:
>> I can't believe he actually intends to keep it like this..
>I'm going to #define DEV_RANDOM /dev/random for Linux systems.
And Debian Hurd? Or does the Hurd not have /dev/random or /dev/urandom?
I suspect that /dev/urandom may be the better cho
In article <[EMAIL PROTECTED]> Kusti writes:
>I believe the /dev/mem gets read only in systems where no /dev/(u)random
>exists.
Actually, the standard configuration is that /dev/mem is read. The
code to read from /dev/(u)random isn't activated in any situation in
the standard upstream X distrib
[Apologies to readers of debian-sparc, who have already received a copy of this]
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] write:
[XDM randomness]
>/dev/random? /dev/urandom? You are kidding. This randmomness is used
>to create authorisation cookies for X which in my understanding provide
Marcus Brinkmann <[EMAIL PROTECTED]> writes:
> You are mistaken. Do yourself a favour and get a book about (pseudo)
> random number generators, entropy, hash functions and cryptography.
> If you don't start with random numbers, you can turn the numbers upside
> down, it won't get any more random t
Hello !
This programm works on
20164 (LX) running Debian/GNU Linux (Woody)
20164 (dual) running Digital Unix (using Compaq C-Compiler)
20264 (XP1000) running Linux
Greetings
Helge
--
Helge Kreutzmann, Dipl.-Phys. [EMAIL PROTECTED]
gpg signed mail preferredgpg
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > > I can't believe he actually intends to keep it like this..
> >
> > I'm going to #define DEV_RANDOM /dev/random for Linux systems.
>
> That's bad, because tha
On Mon, Aug 26, 2002 at 02:44:26PM -0500, Branden Robinson wrote:
> On Mon, Aug 26, 2002 at 03:28:18PM -0400, Jeff Sheinberg wrote:
> > Why does anyone need to read megabytes of urandom?
>
> Nobody does. Or, at least, xdm doesn't. Markus is opining without the
> benefit of having checked the fac
On Mon, Aug 26, 2002 at 02:43:09PM -0500, Branden Robinson wrote:
> xdm doesn't read the same amount of data when it's reading from a
> (presumably) entropic device node.
I didn't assume that.
> It reads eight size_t's. Surely that is not excessive.
It's eight size_t's good entropy wasted for n
On Mon, Aug 26, 2002 at 03:28:18PM -0400, Jeff Sheinberg wrote:
> Why does anyone need to read megabytes of urandom?
Nobody does. Or, at least, xdm doesn't. Markus is opining without the
benefit of having checked the facts.
--
G. Branden Robinson| What influenced me to athe
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > > I can't believe he actually intends to keep it like this..
> >
> > I'm going to #define DEV_RANDOM /dev/random for Linux systems.
>
> That's bad, because tha
Marcus Brinkmann writes:
> On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > > I can't believe he actually intends to keep it like this..
> >
> > I'm going to #define DEV_RANDOM /dev/random for Linux systems.
>
> That's bad, because that will drain the entropy a lot, and
On Mon, Aug 26, 2002 at 08:16:06PM +0100, Matthew Wilcox wrote:
> On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> > Also, reading /dev/mem doesn't sound very secure at all (even if it works)
> > because the patterns in the memory of a computer are probably predictable
> > and a
On Mon, Aug 26, 2002 at 09:10:54PM +0200, Marcus Brinkmann wrote:
> Also, reading /dev/mem doesn't sound very secure at all (even if it works)
> because the patterns in the memory of a computer are probably predictable
> and a lot of information can be observed from the outside (which processes
> a
On Mon, Aug 26, 2002 at 12:50:22PM -0500, Branden Robinson wrote:
> > I can't believe he actually intends to keep it like this..
>
> I'm going to #define DEV_RANDOM /dev/random for Linux systems.
That's bad, because that will drain the entropy a lot, and it might
block for a long time, and that f
On Mon, Aug 26, 2002 at 10:23:06AM -0400, Joey Hess wrote:
> matthew green wrote:
> > bad ideas often hang around for a long time. the only surprising
> > thing to me is how long this one has taken to surface...
>
> Perhaps Branden is gathering information about what a bad idea this
> really is,
On Mon, Aug 26, 2002 at 09:06:00AM -0400, Carlos O'Donell wrote:
> Done. I've submitted the output for HPPA boxes running 32 and 64-bit
> kernels. Looks like they pass without any problem. I'll pass on the
yes, but it may well crash them. some parts of /dev/mem map random IO
addresses which may
matthew green wrote:
> bad ideas often hang around for a long time. the only surprising
> thing to me is how long this one has taken to surface...
Perhaps Branden is gathering information about what a bad idea this
really is, to show upstream the error of their ways. I can't believe he
actually i
Branden,
> The long story, for those interested:
> http://lists.debian.org/debian-x/2002/debian-x-200208/msg00091.html
> (and read the whole thread)
> The short story:
> I need people with root on machines of your given architecture to
> compile and run the attached C program. It consists of cod
matthew green <[EMAIL PROTECTED]> writes:
> my point is that on modern systems we simply should not read
> from /dev/mem for these purposes _ever_.
It would make some sense to read all the physical memory in the
machine. Unfortunately, I'm not aware of any reasonably way to do
that. Reading /dev/
Previously Kimmo K. I. Surakka wrote:
> I think the "safe" way of getting random data without a decent random
> source would be to write one. This, however, would be more that just
> a small patch.
There is existing code to generate randomness from userland, look at
what current OpenSSH does for e
> On Mon, Aug 26, 2002 at 05:04:26PM +1000, matthew green wrote:
> > actually, i hadn't, but there wasn't very much there besides the
> > fact that people found it was xdm reading /dev/mem and a small
> > patch for debian to enable /dev/random (i'd suggest /dev/urandom).
>
> If any of these it shou
Filip Van Raemdonck <[EMAIL PROTECTED]> wrote:
> On Mon, Aug 26, 2002 at 05:04:26PM +1000, matthew green wrote:
> > actually, i hadn't, but there wasn't very much there besides the
> > fact that people found it was xdm reading /dev/mem and a small
> > patch for debian to enable /dev/random (i'd sug
On Mon, 26 Aug 2002 17:04:26 +1000
"matthew green" <[EMAIL PROTECTED]> wrote:
> actually, i hadn't, but there wasn't very much there besides the
> fact that people found it was xdm reading /dev/mem and a small
> patch for debian to enable /dev/random (i'd suggest /dev/urandom).
>
> my point is th
Hi,
On Mon, Aug 26, 2002 at 05:04:26PM +1000, matthew green wrote:
>
> > > why don't you use /dev/urandom if it exists, as it does on pretty
> > > much all modern UNIX platforms?
> >
> > I see you haven't read the thread.
>
>
> actually, i hadn't, but there wasn't very much there besides the
Hello !
I'll run it later on different alphas, but I checked it on a
ppc-machine running AIX if this is of any interest to you:
[EMAIL PROTECTED]: /root # ./readmem.aix.x
Reading data from /dev/mem...
read #2 of 8192 bytes
...
read #1024 of 8192 bytes
done with read of /dev/mem (returned 1).
su
On Mon, Aug 26, 2002 at 04:28:38PM +1000, matthew green wrote:
> wow, this is such a bad idea.
It originated upstream.
mmm, xdm.
In fact, judging by CVS logs it has been in xdm's source for many, many
years.
bad ideas often hang around for a long time. the only surpris
On Mon, Aug 26, 2002 at 04:28:38PM +1000, matthew green wrote:
> wow, this is such a bad idea.
It originated upstream.
In fact, judging by CVS logs it has been in xdm's source for many, many
years.
> why don't you use /dev/urandom if it exists, as it does on pretty
> much all modern UNIX platfor
Be warned: on at least some architectures (notably IA-64), this sort of
read has been known to cause untrapped machine checks (a.k.a., lockups
or spontaneous reboots). Arguably the kernel should trap this sort of
nonsense, so you may be in the mood to file a bug against "kernel" af
The long story, for those interested:
http://lists.debian.org/debian-x/2002/debian-x-200208/msg00091.html
(and read the whole thread)
The short story:
I need people with root on machines of your given architecture to
compile and run the attached C program. It consists of code borrowed
from xdm
30 matches
Mail list logo
