Message267729
| Author | Lukasa |
| Recipients | Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane |
| Date | 2016-06-07.19:03:48 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1465326228.41.0.227190625531.issue26839@psf.upfronthosting.co.za> |
| In-reply-to | |
| Content |
> So you are intentionally accepting a new vector for DoS attacks, and calling this non-reduced security?

This is only a DoS vector if you can hit the server so early in the boot process that it doesn't have enough entropy. The *second* enough entropy has been gathered, getrandom() will never block again.

In essence, then, the situation where it becomes possible to DoS a server is entirely outside an attacker's control and extremely unlikely to ever actually occur in real life: you can only DoS the server if you can demand entropy before the system has gathered enough, and if the server has managed to *boot* by then, then the alternative is that it is incapable of generating secure random numbers and shouldn't be running exposed against the web anyway.
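The blocking behaviour discussed in the message above can be probed at service start-up. This is an added example, not code from the message or from CPython: it assumes Linux with Python 3.6+ (where `os.getrandom()` and `os.GRND_NONBLOCK` exist), and `crng_ready`, `wait_for_crng` and `FakeEarlyBoot` are hypothetical names, the last being a constructed stand-in for a kernel whose pool is not yet initialized.

```python
import os
import time

# Assumption: Linux with Python 3.6+. Elsewhere os.getrandom is missing and
# the default below is None; 1 is the Linux value of GRND_NONBLOCK.
_GETRANDOM = getattr(os, "getrandom", None)
_NONBLOCK = getattr(os, "GRND_NONBLOCK", 1)


def crng_ready(getrandom=_GETRANDOM):
    """Return True if getrandom() would not block (kernel pool initialized)."""
    if getrandom is None:
        raise NotImplementedError("os.getrandom() is not available here")
    try:
        # With GRND_NONBLOCK an uninitialized pool raises BlockingIOError
        # instead of blocking the caller.
        getrandom(1, _NONBLOCK)
    except BlockingIOError:
        return False
    return True


def wait_for_crng(timeout=30.0, interval=0.5, getrandom=_GETRANDOM,
                  sleep=time.sleep, clock=time.monotonic):
    """Poll until the pool is ready; return seconds waited or raise TimeoutError."""
    start = clock()
    while not crng_ready(getrandom):
        if clock() - start >= timeout:
            raise TimeoutError("kernel CRNG not initialized after %.1fs" % timeout)
        sleep(interval)
    return clock() - start


class FakeEarlyBoot:
    """Constructed stand-in for getrandom(): not ready for the first N calls."""

    def __init__(self, not_ready_calls):
        self.remaining = not_ready_calls

    def __call__(self, size, flags=0):
        if self.remaining > 0:
            self.remaining -= 1
            raise BlockingIOError(11, "Resource temporarily unavailable")
        return b"\x00" * size  # placeholder bytes, not random
```

Calling `wait_for_crng()` before opening a listening socket gives a bounded, logged wait at boot instead of an indefinite block on the first request that needs randomness.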
History

| Date | User | Action | Args |
|---|---|---|---|
| 2016-06-07 19:03:48 | Lukasa | set | recipients: + Lukasa, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, thomas-petazzoni, Colm Buckley |
| 2016-06-07 19:03:48 | Lukasa | set | messageid: <1465326228.41.0.227190625531.issue26839@psf.upfronthosting.co.za> |
| 2016-06-07 19:03:48 | Lukasa | link | issue26839 messages |
| 2016-06-07 19:03:48 | Lukasa | create | |