| commit | bfc5d34a196f667276ce1e173821db478d01258b | |
| author | Michael Adam <obnox@samba.org> | |
| Tue, 5 Aug 2008 21:14:05 +0000 (5 23:14 +0200) | ||
| committer | Michael Adam <obnox@samba.org> | |
| Tue, 5 Aug 2008 21:44:00 +0000 (5 23:44 +0200) | ||
| tree | eeed51ac1ae61b49a815121610a41e94a3fc75eb | treesnapshot (tar.gz zip) |
| parent | 7edfb54c865ddcfd5cdcc8c2184b96aaac2d2ec0 | commitdiff |
secrets: fix replacemend random seed generator (security issue).
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but i think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
This is a regression introduced by the change to dbwrap.
The replacement dbwrap_change_int32_atomic() does not
correctly mimic the behaviour of tdb_change_int32_atomic():
The intended behaviour is to use *oldval as an initial
value when the entry does not yet exist in the db and to
return the old value in *oldval.
The effect was that:
1. get_rand_seed() always returns sys_getpid() in *new_seed
instead of the incremented seed from the secrets.tdb.
2. the seed stored in the tdb is always starting at 0 instead
of sys_getpid() + 1 and incremented in subsequent calls.
In principle this is a security issue, but i think the danger is
low, since this is only used as a fallback when there is no useable
/dev/urandom, and this is at most called on startup or via
reinit_after_fork.
Michael
| source/lib/dbwrap_util.c | diffblobblamehistory |