Critical EGD handling in 2.1.1p1
Lutz Jaenicke
Lutz.Jaenicke at aet.TU-Cottbus.DE
Wed Jun 21 00:03:52 EST 2000
Hi,
when running OpenSSH with EGD as entropy source, the sshd server connects
to the EGD socket and leaves it open to re-seed on the fly.
Unfortunately the connection is not checked when re-seeding, so that
a failure or restart of EGD will lead to a "fatal()" abort of the sshd
server process.
Since a dying server process can not be accepted, I would recommend to
not have sshd call it "fatal()" if EGD cannot be queried and there is
already enough seed available.
Something like:
if (error_condition) {
close(egd_socket);
egd_socket = -1; /* Try to reopen next time */
if (RAND_status() == 0)
fatal("Could not get entropy"); /* not enough seed -> fatal */
}
Best regards,
Lutz
--
Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
More information about the openssh-unix-dev
mailing list