Bug#636266: libc6: fread() reads more than specified number of bytes

2011-08-02 Thread Jonathan Nieder
# complex
severity 636266 wishlist
retitle 636266 libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of 
entropy
tags 636266 + upstream
quit

Hi Philipp,

Ph. Marek wrote:

> fopen()/fread() is used by some software packages (I noticed it via ECL) to
> read data from /dev/urandom.
>
> But fread() reads more bytes than specified (rounded up to 4096!), thereby
> decreasing the available entropy by a large amount.

Not sure what libc can do about that.  Maybe the kernel could say,
"Please, do not buffer when reading this file" and libc could respect
that.  But fundamentally, buffering is what fread is all about, so as
a first step I would suggest reporting the bug to the authors of each
program you find this in (after all, the same symptoms show up on
other platforms, too).

In the C and POSIX standards, the behavior of fread is defined in
terms of fgetc.  To be reasonably fast and decrease the number of
system calls, traditionally fgetc attempts to fill a large buffer
when it calls read().  Should fread behave differently?  I would find
it strange for fread(1, 1) to use a different sequence of system calls
from fgetc.

Anyway, I agree that this is a problem somewhere.  Thanks for
reporting it.  Ideas welcome.

Regards,
Jonathan

Meanwhile Linux suffers for the lack of erandom and frandom for
typical uses of random numbers, though that's another story.



-- 
To UNSUBSCRIBE, email to debian-glibc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20110802141615.GB3397@elie



Processed: Re: libc6: fread() reads more than specified number of bytes

2011-08-02 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> # complex
> severity 636266 wishlist
Bug #636266 [libc6] libc6: fread() reads more than specified number of bytes
Severity set to 'wishlist' from 'normal'

> retitle 636266 libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy
Bug #636266 [libc6] libc6: fread() reads more than specified number of bytes
Changed Bug title to 'libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes
of entropy' from 'libc6: fread() reads more than specified number of bytes'
> tags 636266 + upstream
Bug #636266 [libc6] libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of
entropy
Added tag(s) upstream.
> quit
Stopping processing here.

Please contact me if you need assistance.
-- 
636266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636266
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Bug#636266: marked as done (libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy)

2011-08-02 Thread Debian Bug Tracking System
Your message dated Tue, 02 Aug 2011 18:54:41 +0200 (CEST)
with message-id 60786.10050.16516-29544-1472601700-1312304...@seznam.cz
and subject line Re: ibc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of 
entropy
has caused the Debian Bug report #636266,
regarding libc6: fread(buf, 1, 1) from urandom consumes 4096 bytes of entropy
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
636266: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=636266
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: libc6
Version: 2.13-10
Severity: normal

fopen()/fread() is used by some software packages (I noticed it via ECL) to
read data from /dev/urandom.

But fread() reads more bytes than specified (rounded up to 4096!), thereby
decreasing the available entropy by a large amount.


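To test, compile this program:

#include <stdio.h>
int main(void)
{
    FILE *fh;
    char buf[1];    /* destination for the single requested byte */

    fh = fopen("/dev/urandom", "r");
    if (fh == NULL)
        return 1;
    fread(buf, 1, 1, fh);    /* one byte requested through stdio */
    fclose(fh);
    return 0;
}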

and run via strace:

...
brk(0x1e64000)  = 0x1e64000
open("/dev/urandom", O_RDONLY)  = 3
fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0
ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x768dbb60) = -1 EINVAL
(Invalid argument)
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = 0x7fac45b34000
read(3, "\242\261\204\215\221\313\253#\336\355\336u\37\3Gl\374
\332\301\271\363Z\327\7@.ziU\324\305"..., 4096) = 4096


This is a bug IMO; with urandom it discards a lot of entropy, and with random
it might cause hangs.



-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_AT.UTF-8, LC_CTYPE=de_AT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6 depends on:
ii  libc-bin  2.13-10Embedded GNU C Library: Binaries
ii  libgcc1   1:4.6.1-4  GCC support library

libc6 recommends no packages.

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0] 1.5.40 Debian configuration management sy
pn  glibc-doc none (no description available)
ii  locales   2.13-10Embedded GNU C Library: National L

-- debconf information:
* glibc/upgrade: true
  glibc/disable-screensaver:
  glibc/restart-failed:
* glibc/restart-services: ssh postfix openbsd-inetd cups cron atd apache2


---End Message---
---BeginMessage---

> fopen()/fread() is used by some software packages (I noticed it via ECL) to
> read data from /dev/urandom.

So fix/report bug against these packages.

Iff the application does not want to use buffered io, 
just ask for it - add setbuf(fh, NULL).

Your sample program should be

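#include <stdio.h>
int main(void)
{
    FILE *fh;
    char buf[1];    /* destination for the single requested byte */

    fh = fopen("/dev/urandom", "r");
    if (fh == NULL)
        return 1;
    setbuf(fh, NULL);    /* switch the stream to unbuffered before reading */
    fread(buf, 1, 1, fh);
    fclose(fh);
    return 0;
}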

Petr

---End Message---
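
Added example (not part of the thread and not glibc code): the two test programs in this report differ only in the setbuf() call, and this C program measures what that call changes. It uses a constructed 8 KiB temporary file as a stand-in for /dev/urandom so the kernel file offset can be read back with lseek(); the function name consumed_after_one_byte and the /tmp path are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns the kernel file offset after fread(buf, 1, 1, fh), i.e. how many
 * bytes stdio consumed from the descriptor for a 1-byte request; -1 on error.
 * unbuffered != 0 applies setvbuf(_IONBF), the same effect as setbuf(fh, NULL). */
long consumed_after_one_byte(int unbuffered)
{
    char path[] = "/tmp/fread_demo_XXXXXX";   /* constructed sample file */
    char block[8192], buf[1];
    long consumed = -1;
    int fd = mkstemp(path);

    if (fd < 0)
        return -1;
    memset(block, 'A', sizeof block);
    if (write(fd, block, sizeof block) != (ssize_t)sizeof block ||
        lseek(fd, 0, SEEK_SET) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    FILE *fh = fdopen(fd, "r");
    if (fh == NULL) {
        close(fd);
        unlink(path);
        return -1;
    }
    if (unbuffered)
        setvbuf(fh, NULL, _IONBF, 0);   /* must come before the first read */
    if (fread(buf, 1, 1, fh) == 1)
        consumed = (long)lseek(fileno(fh), 0, SEEK_CUR);
    fclose(fh);                          /* also closes fd */
    unlink(path);
    return consumed;
}

int main(void)
{
    printf("buffered:   %ld bytes consumed\n", consumed_after_one_byte(0));
    printf("unbuffered: %ld bytes consumed\n", consumed_after_one_byte(1));
    return 0;
}
```

The buffered figure depends on the buffer size the C library picks for the stream; the unbuffered figure is the one byte that was requested.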


Bug#636286: eglibc: SIGSEGV in strcoll in UTF-8 locales with certain characters

2011-08-02 Thread Andreas Schwab
There is no testcase.

Andreas.

-- 
Andreas Schwab, sch...@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
And now for something completely different.






Bug#636286: eglibc: SIGSEGV in strcoll in UTF-8 locales with certain characters

2011-08-02 Thread Thorsten Glaser
Andreas Schwab dixit:

> There is no testcase.

Meh, you know that when you say attach but forget to actually do it?
Thanks for spotting. Here it is.

bye,
//mirabilos
-- 
Support mksh as /bin/sh and RoQA dash NOW!
‣ src:bash (254 (273) bugs: 1 RC, 175 (190) IN, 78 (82) MW, 0 FP)
‣ src:dash (82 (90) bugs: 3 RC, 44 (47) IN, 35 (40) MW, 0 FP)
‣ src:mksh (2 bugs: 0 RC, 0 IN, 2 MW, 0 FP)

#include <err.h>
#include <locale.h>
#include <stdlib.h>
#include <string.h>

const char s1[] = { 0x20, 0xe0, 0xa6, 0xac, 0x00 };
const char s2[] = { 0x20, 0xe0, 0xa6, 0xad, 0x00 };

int
main(void)
{
	int r;

	/* select the locale from the environment (LANG/LC_*) */
	if (setlocale(LC_ALL, "") == NULL)
		err(4, "setlocale");
	r = strcoll(s1, s2);
	/* comparison operator lost in the archive; "<" is assumed here */
	return (r < 0 ? 1 : r == 0 ? 2 : 3);
}


Processed: reopening 635685

2011-08-02 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org:

> reopen 635685 re...@free.fr
Bug #635685 {Done: Aurelien Jarno aure...@debian.org} [libc6-dev] general:
gcc -m32 has no access to system-specific includes in multiarch world
'reopen' may be inappropriate when a bug has been closed with a version;
you may need to use 'found' to remove fixed versions.
Changed Bug submitter to 're...@free.fr' from 'Tim Northover
t.p.northo...@gmail.com'
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
635685: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635685
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems





Re: Processed: reopening 635685

2011-08-02 Thread Aurelien Jarno
On Tue, Aug 02, 2011 at 09:54:10PM +, Debian Bug Tracking System wrote:
> Processing commands for cont...@bugs.debian.org:
>
> > reopen 635685 re...@free.fr
> Bug #635685 {Done: Aurelien Jarno aure...@debian.org} [libc6-dev] general:
> gcc -m32 has no access to system-specific includes in multiarch world
> 'reopen' may be inappropriate when a bug has been closed with a version;
> you may need to use 'found' to remove fixed versions.
> Changed Bug submitter to 're...@free.fr' from 'Tim Northover
> t.p.northo...@gmail.com'
> > thanks
> Stopping processing here.
>

Can you please give a reason about this reopen?

-- 
Aurelien Jarno  GPG: 1024D/F1BCDB73
aurel...@aurel32.net http://www.aurel32.net





Bug#635685: Just missing fpu_control.h

2011-08-02 Thread François Revol
It seems fpu_control.h is the only one missing to get Haiku building, as 
symlinking it from /usr/include/x86_64-linux-gnu/fpu_control.h allows 
making a full build.


François.






Re: Processed: reopening 635685

2011-08-02 Thread François Revol

Hi,

On 02/08/2011 23:58, Aurelien Jarno wrote:
> On Tue, Aug 02, 2011 at 09:54:10PM +, Debian Bug Tracking System wrote:
>> Processing commands for cont...@bugs.debian.org:
>>
>>> reopen 635685 re...@free.fr
>> Bug #635685 {Done: Aurelien Jarno aure...@debian.org} [libc6-dev] general: gcc
>> -m32 has no access to system-specific includes in multiarch world
>> 'reopen' may be inappropriate when a bug has been closed with a version;
>> you may need to use 'found' to remove fixed versions.
>> Changed Bug submitter to 're...@free.fr' from 'Tim
>> Northover t.p.northo...@gmail.com'
>>> thanks
>> Stopping processing here.
>
> Can you please give a reason about this reopen?



Because it's still missing fpu_control.h which the private copy of MESA 
in the Haiku sources requires.


cf.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635685#75

François.

