Your message dated Tue, 02 Aug 2011 18:54:41 +0200 (CEST) with message-id <[email protected]> and subject line Re: ibc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy has caused the Debian Bug report #636266, regarding libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
636266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636266
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libc6
Version: 2.13-10
Severity: normal

fopen()/fread() is used by some software packages (I noticed it via ECL) to read data from /dev/urandom. But fread() reads more bytes than specified (rounded up to 4096!), thereby decreasing the available entropy by a large amount.

To test, compile this program:

    #include <stdio.h>

    int main(void)
    {
        FILE *fh;
        char buf;  /* 1-byte destination, so fread() does not overwrite fh */

        fh = fopen("/dev/urandom", "r");
        if (fh == NULL)
            return 1;
        fread(&buf, 1, 1, fh);
        return 0;
    }

and run via strace:

    ...
    brk(0x1e64000) = 0x1e64000
    open("/dev/urandom", O_RDONLY) = 3
    fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
    ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7ffff68dbb60) = -1 EINVAL (Invalid argument)
    mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fac45b34000
    read(3, "\242\261\204\215\221\313\253#\336\355\336u\37\3Gl\374 \332\301\271\363Z\327\[email protected]\324\305"..., 4096) = 4096

This is a bug IMO; with urandom it discards a lot of entropy, and with random it might cause hangs.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6 depends on:
ii  libc-bin   2.13-10     Embedded GNU C Library: Binaries
ii  libgcc1    1:4.6.1-4   GCC support library

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]   1.5.40    Debian configuration management sy
pn  glibc-doc               <none>    (no description available)
ii  locales                 2.13-10   Embedded GNU C Library: National L

-- debconf information:
* glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: ssh postfix openbsd-inetd cups cron atd apache2
--- End Message ---
--- Begin Message ---
> fopen()/fread() is used by some software packages (I noticed it via ECL) to
> read data from /dev/urandom.

So fix/report bug against these packages.

Iff the application does not want to use buffered io, just ask for it - add "setbuf(fh, NULL)". Your sample program should be

    #include <stdio.h>

    int main(void)
    {
        FILE *fh;
        char buf;  /* 1-byte destination, so fread() does not overwrite fh */

        fh = fopen("/dev/urandom", "r");
        if (fh == NULL)
            return 1;
        setbuf(fh, NULL);  /* switch the stream to unbuffered mode */
        fread(&buf, 1, 1, fh);
        return 0;
    }

Petr
--- End Message ---
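Added example, not part of either message above: a C program that measures the stdio read-ahead discussed in this report, with and without the setbuf(fh, NULL) call from the reply. It assumes a constructed scratch file under /tmp in place of /dev/urandom, because a regular file exposes its kernel read offset; the function name and the scratch path are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L  /* for mkstemp() and fileno() */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* fread() one byte from a scratch file and return how many bytes stdio
 * actually pulled from the kernel (the descriptor's offset afterwards),
 * or -1 on error. The scratch file is constructed sample input standing in
 * for /dev/urandom, because a regular file exposes its read offset. */
long bytes_consumed_by_one_byte_fread(int unbuffered)
{
    static const char filler[16384];          /* constructed file content */
    char path[] = "/tmp/fread_demo_XXXXXX";   /* hypothetical scratch path */
    char byte;
    long consumed = -1;
    FILE *fh;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    if (write(fd, filler, sizeof filler) != (ssize_t)sizeof filler) {
        close(fd);
        unlink(path);
        return -1;
    }
    close(fd);

    fh = fopen(path, "r");
    if (fh != NULL) {
        if (unbuffered)
            setbuf(fh, NULL);   /* the change suggested in the reply */
        if (fread(&byte, 1, 1, fh) == 1)
            consumed = (long)lseek(fileno(fh), 0, SEEK_CUR);
        fclose(fh);
    }
    unlink(path);
    return consumed;
}

int main(void)
{
    printf("buffered:   %ld bytes read from the kernel\n",
           bytes_consumed_by_one_byte_fread(0));
    printf("unbuffered: %ld bytes read from the kernel\n",
           bytes_consumed_by_one_byte_fread(1));
    return 0;
}
```

The buffered figure depends on the C library's stream buffer size, so it need not be exactly the 4096 seen in the strace output.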

