kernel-packages team mailing list archive
-
kernel-packages team
-
Mailing list archive
-
Message #37119
[Bug 575669] Re: Rapid depletion of entropy pool
Christopher,
Can you explain how the commit you linked to resolves this issue? The
commit seems to place process permissions checks on /proc/pid/stat and
/proc/pid/wchan. I do not see how this affects the available entropy
unless entropy is being depleted by unauthorized processes accessing
those endpoints, which does not seem very likely to me. I doubt I will
have time to test trusty before it is released, but once released I will
test within a virtual server to see if this issue has been resolved.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/575669
Title:
Rapid depletion of entropy pool
Status in “linux” package in Ubuntu:
Confirmed
Bug description:
I was noticing that on several of my servers the available entropy has
been exceedingly low for the last 6-7 months. My guess is this
problem began with Ubuntu 9.10 and continues in Ubuntu 10.04. I came
across some useful information here:
http://lkml.org/lkml/2010/4/5/19
And I confirmed that running:
watch cat /proc/sys/kernel/random/entropy_avail
will rapidly deplete the entropy pool. But running the python script:
import sys, time
while True:
sys.stdout.write(open('/proc/sys/kernel/random/entropy_avail', 'r').read())
time.sleep(1)
will not rapidly deplete the entropy pool. This seems to support the
hypothesis that entropy is being drained with each launch of a process
which has been linked to the glibc randomized stack protector. Some
information about that can be found here:
http://sourceware.org/ml/libc-alpha/2008-10/msg00006.html
As many people who have run virtual servers can attest, low entropy on
a server can cause a number of difficult to diagnose performance
problems as processes block trying to access /dev/random. Low entropy
may also lead to a reduction in security for various cryptographic
services.
I'm not an expert in these matters and have limited ability to test as
many of my servers are running older versions but it does appear that
those older versions do not have this behavior. This could also be a
kernel issue but I thought I would start here and see if others can
replicate this problem and help in diagnosing the issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/575669/+subscriptions