Message267729
| Author | Lukasa |
|---|---|
| Recipients | Colm Buckley, Lukasa, alex, christian.heimes, doko, dstufft, larry, lemburg, martin.panter, matejcik, ned.deily, python-dev, rhettinger, skrah, thomas-petazzoni, vstinner, ztane |
| Date | 2016-06-07.19:03:48 |
| SpamBayes Score | -1.0 |
| Marked as misclassified | Yes |
| Message-id | <1465326228.41.0.227190625531.issue26839@psf.upfronthosting.co.za> |
| In-reply-to |
| Content | |
|---|---|
> So you are intentionally accepting a new vector for DoS attacks, and calling this non-reduced security? This is only a DoS vector if you can hit the server so early in the boot process that it doesn't have enough entropy. The *second* enough entropy has been gathered getrandom() will never block again. In essence, then, the situation where it becomes possible to DoS a server is entirely outside an attackers control and extremely unlikely to ever actually occur in real life: you can only DoS the server if you can demand entropy before the system has gathered enough, and if the server has managed to *boot* by then then the alternative is that it is incapable of generating secure random numbers and shouldn't be running exposed against the web anyway. |
|
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2016-06-07 19:03:48 | Lukasa | set | recipients: + Lukasa, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, thomas-petazzoni, Colm Buckley |
| 2016-06-07 19:03:48 | Lukasa | set | messageid: <1465326228.41.0.227190625531.issue26839@psf.upfronthosting.co.za> |
| 2016-06-07 19:03:48 | Lukasa | link | issue26839 messages |
| 2016-06-07 19:03:48 | Lukasa | create | |