[FFmpeg-devel] [PATCH] Make av_get_random_seed not block when waiting for more entropy
Martin Storsjö
martin
Wed Jun 30 18:16:28 CEST 2010
On Wed, 30 Jun 2010, Michael Niedermayer wrote:
> before you spend more time on this.
> There is a possible security issue with using non block mode
> namely if we have /dev/*random and not use it we can end up
> using a uninitialized variable. Thats an information leak
> it could leak from pointers (kills ASLR) to OS/platform or
> compiler version or or or ...
> thats all usefull information for a attacker
> he only has to saturate /dev/random so it would block
Could you elaborate on your concern here? The fix he committed tries both
/dev/random and /dev/urandom, and the latter should never block (afaik),
and even in that case I don't see where any uninitialized variable would
be leaked?
// Martin
More information about the ffmpeg-devel
mailing list