I'm new to Xen. I'm using the Xen that comes with Centos 5.1 (which is 3.1). When I read from /dev/urandom, the values NEVER change. My domU is a Centos 5.1 instance. Below I run the simple command twice and get the same numbers. If I run another domU I get the SAME numbers!

-bash-3.1# od -tx4 -N 16 /dev/urandom
0000000 d920a168 b904ed93 1dc8962e d1a8c0b1

-bash-3.1# od -tx4 -N 16 /dev/urandom
0000000 d920a168 b904ed93 1dc8962e d1a8c0b1

I need to figure out:
1) How to fix this
2) Isn't this a major security flaw since the random seeds are static/known?

_______________________________________________
Xen-users mailing list
Xen-users@lists.xensource.com
http://lists.xensource.com/xen-users

Hi Ken,

On Thu, Jan 24, 2008 at 07:08:47PM -0500, Ken Bass wrote:
> I'm new to Xen. I'm using the Xen that comes with Centos 5.1 (which is
> 3.1). When I read from /dev/urandom, the values NEVER change. My domU is
> a Centos 5.1 instance. Below I run the simple command twice and get the
> same numbers. If I run another domU I get the SAME numbers!
>
> -bash-3.1# od -tx4 -N 16 /dev/urandom
> 0000000 d920a168 b904ed93 1dc8962e d1a8c0b1
>
> -bash-3.1# od -tx4 -N 16 /dev/urandom
> 0000000 d920a168 b904ed93 1dc8962e d1a8c0b1

Just as a data point, I do not see this problem in my setup (Debian Etch, xen 3.0.3).

Cheers,
Andy

> Just as a data point, I do not see this problem in my setup (Debian
> Etch, xen 3.0.3).

Same here. Each domU shows different numbers than the other ones. Setup is Ubuntu with packaged Xen3.1 in dom0 and Debian Etch in domUs.

Regards,
Jan

--
Artfiles New Media GmbH | Spaldingstr. 160 b | 20097 Hamburg
Tel: 040 - 32 02 72 90 | Fax: 040 - 32 02 72 95
E-Mail: support@artfiles.de | Web: http://www.artfiles.de
Managing Director Carsten Bals | Commercial Register Hamburg - HRB 81478

On Friday 25 January 2008, Jan Marquardt wrote:
> > Just as a data point, I do not see this problem in my setup (Debian
> > Etch, xen 3.0.3).
>
> Same here. Each domU shows different numbers than the other ones. Setup
> is Ubuntu with packaged Xen3.1 in dom0 and Debian Etch in domUs.
>

And I don't see this either. Each run in domU gives me different numbers. Using CentOS 5.0 for both dom0 and domU. This system isn't fully updated to 5.1 yet, so maybe it's a recent issue.

Geert

--
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen
Tel : +32 479 339 655
Email: info@kobaltwit.be

Hi Ken,

On Thu, 2008-01-24 at 19:08 -0500, Ken Bass wrote:
> I'm new to Xen. I'm using the Xen that comes with Centos 5.1 (which is
> 3.1). When I read from /dev/urandom, the values NEVER change. My domU is
> a Centos 5.1 instance. Below I run the simple command twice and get the
> same numbers. If I run another domU I get the SAME numbers!
>
> -bash-3.1# od -tx4 -N 16 /dev/urandom
> 0000000 d920a168 b904ed93 1dc8962e d1a8c0b1
>
> -bash-3.1# od -tx4 -N 16 /dev/urandom
> 0000000 d920a168 b904ed93 1dc8962e d1a8c0b1
>
> I need to figure out:
> 1) How to fix this
> 2) Isn't this a major security flaw since the random seeds are static/known?
>

I am using CentOS 5.1 for Dom0's and DomU's and I do not see this issue...

Maybe this will help: http://en.wikipedia.org/wiki/Urandom

Jeffrey Cronstrom

Ken Bass
2008-Jan-25 16:29 UTC
Re: [Xen-users] Major /dev/urandom (Security) issue? [jailtime.org issue]
Ken Bass wrote:
> I'm new to Xen. I'm using the Xen that comes with Centos 5.1 (which is
> 3.1). When I read from /dev/urandom, the values NEVER change. My domU
> is a Centos 5.1 instance. Below I run the simple command twice and get
> the same numbers. If I run another domU I get the SAME numbers!

First, thanks for those who responded telling me their system was working fine.

As a followup, I've discovered that the /dev/urandom file is just a regular file, not a special character file like it should be. This would explain the behavior.

The Xen centos 5.1 image that I am using as a test was downloaded from http://jailtime.org/download:centos:v5.1

While the initial filesystem image shows /dev/urandom as a special char device, it seems that on bootup, it is overwritten or something. I notice that rc.sysinit was modified and the line '/sbin/start_udev' was commented out. I suspect that has something to do with it.
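
A check for the condition found in this thread, as an added example that is not part of any poster's message: it verifies that a node is a character device with the expected device numbers (on Linux, /dev/urandom is character device major 1, minor 9) and that two consecutive reads differ. The function names and the temporary sample file are constructed for illustration, and `stat -c` as provided by GNU coreutils or busybox is assumed.

```shell
#!/bin/sh
# check_rng_node PATH MAJOR:MINOR   (hex, as printed by `stat -c %t:%T`)
# Returns 0 = ok
#         1 = not a character device (e.g. a regular file left in /dev)
#         2 = character device, but not the expected major:minor
#         3 = two consecutive 16-byte reads returned identical data
check_rng_node() {
    node=$1
    want=$2
    [ -c "$node" ] || return 1
    have=$(stat -c '%t:%T' "$node" 2>/dev/null) || return 2
    [ "$have" = "$want" ] || return 2
    first=$(od -An -tx4 -N16 "$node")
    second=$(od -An -tx4 -N16 "$node")
    [ "$first" != "$second" ] || return 3
    return 0
}

# Turn a check_rng_node return code into a readable verdict.
describe() {
    case $1 in
        0) echo "ok" ;;
        1) echo "not a character device" ;;
        2) echo "unexpected major:minor" ;;
        3) echo "static output" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample: a regular file named "urandom", reproducing the
# state described in the thread (a plain file where the device should be).
demo_dir=$(mktemp -d)
printf 'these bytes are the same on every read' > "$demo_dir/urandom"
rc=0
check_rng_node "$demo_dir/urandom" 1:9 || rc=$?
echo "$demo_dir/urandom: $(describe "$rc")"
rm -rf "$demo_dir"

# The live node on this machine.
rc=0
check_rng_node /dev/urandom 1:9 || rc=$?
echo "/dev/urandom: $(describe "$rc")"
```

Run inside each guest after boot; a verdict other than "ok" means the node in /dev is not the kernel's random device.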