Merge lp:~vanvugt/mir/run-without-entropy into lp:mir
Status: | Superseded |
---|---|
Proposed branch: | lp:~vanvugt/mir/run-without-entropy |
Merge into: | lp:mir |
Prerequisite: | lp:~vanvugt/mir/test-without-entropy |
Diff against target: | 106 lines (+14/-53), 3 files modified: src/cookie/authority.cpp (+12/-51), tests/acceptance-tests/test_server_startup.cpp (+1/-1), tests/unit-tests/test_mir_cookie.cpp (+1/-1) |
To merge this branch: | bzr merge lp:~vanvugt/mir/run-without-entropy |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Chris Halse Rogers | | | Disapprove |
Brandon Schaefer (community) | | | Disapprove |
Alan Griffiths | | | Disapprove |
Alexandros Frantzis (community) | | | Approve |
Mir CI Bot | continuous-integration | | Needs Fixing |

Review via email: mp+287266@code.launchpad.net
This proposal has been superseded by a proposal from 2016-02-29.
Commit message
Avoid hanging and/or crashing the Mir server when gathering entropy
(LP: #1536662 and LP: #1541188)
Hanging or crashing a visual system like a display server is
unacceptable. And I'm fairly confident we're not doing anything
sufficiently security-critical with "cookies" that could justify hanging
or crashing the system.
Unless you're trying to protect your data from a hardened professional
attacker, there is no justification for blocking indefinitely on
/dev/random, when the non-blocking /dev/urandom is sufficiently secure.
And even if you think you need /dev/random, you should gather data from
it _offline_ only, like ssh-keygen does. Because there's no telling
just how long it might take to read /dev/random. It can and will often
take more than the 30 seconds we were willing to wait (which was too
long anyway).
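The approach the commit message argues for, as an added example that is not code from this branch or from Mir: fill a secret from the non-blocking /dev/urandom, retrying on short reads and EINTR, and failing fast on an unexpected EOF or error rather than waiting. The helper name `read_secret`, its signature and the `source` parameter are assumptions made for illustration.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <string>
#include <system_error>
#include <vector>
#include <fcntl.h>
#include <unistd.h>

// Hypothetical helper (not Mir's API): read `size` bytes of secret material.
// /dev/urandom never blocks on Linux, so no timeout logic is needed here.
std::vector<std::uint8_t> read_secret(std::size_t size,
                                      std::string const& source = "/dev/urandom")
{
    std::vector<std::uint8_t> secret(size);   // allocate before opening the fd

    int const fd = ::open(source.c_str(), O_RDONLY | O_CLOEXEC);
    if (fd < 0)
    {
        int const err = errno;                // capture before anything else runs
        throw std::system_error(err, std::system_category(), "open " + source);
    }

    std::size_t got = 0;
    while (got < size)
    {
        ssize_t const n = ::read(fd, secret.data() + got, size - got);
        if (n > 0)
        {
            got += static_cast<std::size_t>(n);   // short read: keep reading
        }
        else if (n < 0 && errno == EINTR)
        {
            continue;                             // interrupted by a signal: retry
        }
        else
        {
            // n == 0 is an unexpected EOF; report it as EIO instead of looping.
            int const err = (n < 0) ? errno : EIO;
            ::close(fd);
            throw std::system_error(err, std::system_category(), "read " + source);
        }
    }
    ::close(fd);
    return secret;
}
```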
FAILED: Continuous integration, rev:3347