[Buildroot] [git commit branch/2018.02.x] util-linux: add two upstream patches to fix blocking on getrandom() with recent kernels

Peter Korsgaard peter at korsgaard.com
Tue May 29 19:15:32 UTC 2018


>>>>> "Trent" == Trent Piepho <tpiepho at impinj.com> writes:

 > On Mon, 2018-05-28 at 09:48 +0200, Peter Korsgaard wrote:
 >> commit: https://git.buildroot.net/buildroot/commit/?id=c4d86707cd67817496fa7a904b73b2538ad4058c
 >> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.02.x
 >> 
 >> As part of the fix for CVE-2018-1108 (kernel drivers before version 4.17-rc1
 >> are vulnerable to a weakness in the Linux kernel's implementation of random
 >> seed data.  Programs, early in the boot sequence, could use the data
 >> allocated for the seed before it was sufficiently generated), the kernel
 >> random number generator initialization routine was changed.  See the
 >> project-zero writeup for more details:
 >> 
 >> https://bugs.chromium.org/p/project-zero/issues/detail?id=1559

 > What's ironic here is that due to the kernel's random data not being
 > good enough, after waiting a full second, util-linux falls back to
 > random data that is even worse.

 > If one looks at the system as a whole, I think rather than "fix"
 > CVE-2018-1108 what has really happened is that a kernel problem has been
 > traded for an even worse userspace problem.

It probably doesn't matter hugely for libuuid, but yes - I also do find
it somewhat odd that these changes have been added to the stable trees
considering the breakage to existing user space setups they are causing.

-- 
Bye, Peter Korsgaard

