[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-05-13 Thread Colm Buckley 

Colm Buckley added the comment:

The attached patch (against 20160330) addresses the issue for me on Linux; it 
has not been tested on other platforms. It adds the GRND_NONBLOCK flag to the 
getrandom() call and sends the appropriate failure return if it returns due to 
lack of entropy. The enclosing functions fall back to reading from /dev/urandom 
in this case.

Affected files:

Python/random.c - changes to py_getrandom()
configure.ac and pyconfig.h.in - look for linux/random.h for inclusion

Can this, or something similar, be considered for integration with mainline?

--
keywords: +patch
Added file: http://bugs.python.org/file42837/nonblocking-getrandom.diff

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-05-12 Thread Colm Buckley 

Colm Buckley added the comment:

Oh; it's not actually hashlib which is calling getrandom(), it's the main 
runtime - the initialization of the per-process secret hash seed in 
_PyRandom_Init

Don't know enough about the internal logic here to comment on what the Right 
Thing is; but I second the suggestion of msg264303. This might just require 
setting "flags" to GRND_NONBLOCK in py_getrandom() assuming that's portable to 
other OS.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-05-12 Thread Colm Buckley 

Colm Buckley added the comment:

It's worth noting that this issue now affects every installation of Debian 
testing track with systemd and systemd-cron installed; the python program 
/lib/systemd/system-generators/systemd-crontab-generator is called very early 
in the boot process; it imports hashlib (although only .md5() is used) and 
blocks on getrandom(), delaying boot time until a 90s timeout has occurred.

Suggestions: modify hashlib to avoid calling getrandom() until entropy is 
actually required, rather than on import; change the logic to use /dev/urandom 
(or an in-process PRNG) when getrandom() blocks; or both.

--
nosy: +Colm Buckley

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-04-26 Thread Marc-Andre Lemburg 

Marc-Andre Lemburg added the comment:

As mentioned on the other issue #25420, this is a regression and a change in 
documented behavior of os.urandom(), which is expected to be non-blocking, 
regardless of whether entropy is available or not.

The fix should be easy (from reading the man page 
http://man7.org/linux/man-pages/man2/getrandom.2.html): set the GRND_NONBLOCK 
flag on getrandom(); then, if the function returns -1 and sets EAGAIN, fallback 
to reading from /dev/urandom directly.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-04-26 Thread Stefan Krah 

Stefan Krah added the comment:

I did not claim that it magically creates entropy. -- Many VMs are throwaway 
test beds. It would be annoying to setup some entropy
gathering mechanism just so that Python starts.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-04-26 Thread STINNER Victor 

STINNER Victor added the comment:

Since many years, Linux systems store entropy on disk to quickly feed the
entropy pool at startup.

It doesn't create magically entropy on VM where you start with zero entropy
at the first boot.

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-04-26 Thread Stefan Krah 

Stefan Krah added the comment:

It is clear how /dev/urandom works. I just think that securing enough
entropy on startup should be done by the init scripts (if systemd still
allows that :) and not by an application.

[Unless the application is gpg or similar.]

--

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue26839] Python 3.5 running in a virtual machine with Linux kernel 3.17+ can block at startup or on importing the random module on getrandom()

2016-04-26 Thread STINNER Victor 

Changes by STINNER Victor :


--
title: Python 3.5 running in a virtual machine with Linux kernel 3.17+ can 
block at startup or on importing the random module -> Python 3.5 running in a 
virtual machine with Linux kernel 3.17+ can block at startup or on importing 
the random module on getrandom()

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com