[FFmpeg-devel] [PATCH] Make av_get_random_seed not block when waiting for more entropy
Michael Niedermayer
michaelni
Wed Jun 30 19:26:24 CEST 2010
On Wed, Jun 30, 2010 at 10:11:27AM +0100, M?ns Rullg?rd wrote:
> Martin Storsj? <martin at martin.st> writes:
>
> > On Tue, 29 Jun 2010, Martin Storsj? wrote:
> >
> >> On Tue, 29 Jun 2010, M?ns Rullg?rd wrote:
> >>
> >> > Martin Storsj? <martin at martin.st> writes:
> >> >
> >> > > On Tue, 29 Jun 2010, M?ns Rullg?rd wrote:
> >> > >
> >> > >> This will still block if urandom isn't available. How about this?
> >> > >
> >> > >> From cb60e983c550c2bdffc5fc07075336fb7c465fe9 Mon Sep 17 00:00:00 2001
> >> > >> From: Mans Rullgard <mans at mansr.com>
> >> > >> Date: Tue, 29 Jun 2010 14:22:51 +0100
> >> > >> Subject: [PATCH] Make av_get_random_seed() non-blocking
> >> > >>
> >> > >> Attempt to read from /dev/urandom and /dev/random with O_NONBLOCK set.
> >> > >> If neither succeeds, proceed with fallbacks.
> >> > >
> >> > > In general, this looks like an even better alternative. Neither fcntl,
> >> > > F_SETFL, F_GETFL nor O_NONBLOCK are available on windows, though, so they
> >> > > need to be hidden within some kind of ifdef.
> >> >
> >> > Cygwin should have them, mingw might not.
> >> >
> >> > Do /dev/[u]random exist on cygwin/mingw?
> >>
> >> Don't know about cygwin, but mingw won't have them at least, since it's
> >> almost plain win32.
> >
> > Would the cleanest fix be to check for fcntl and/or O_NONBLOCK in
> > configure, and just keep the nonblock setting line within ifdef? That
> > ought to work correctly on both cygwin and mingw.
>
> Yes, that's what I was planning to do.
before you spend more time on this.
There is a possible security issue with using non block mode
namely if we have /dev/*random and not use it we can end up
using a uninitialized variable. Thats an information leak
it could leak from pointers (kills ASLR) to OS/platform or
compiler version or or or ...
thats all usefull information for a attacker
he only has to saturate /dev/random so it would block
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20100630/ffd4c2f6/attachment.pgp>
More information about the ffmpeg-devel
mailing list