Bug 110119

Summary:	cyrus-sasl should use urandom
Product:	Gentoo Linux	Reporter:	Arnaud Launay <asl>
Component:	[OLD] Server	Assignee:	Gentoo Linux bug wranglers <bug-wranglers>
Status:	RESOLVED DUPLICATE
Severity:	critical
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	urandom patch for cyrus-sasl urandom patch for cyrus-sasl

Description Arnaud Launay 2005-10-22 02:24:50 UTC

Cyrus-sasl use /dev/random by default for authentification, but servers may lack
entropy, so at some point the imap server is stalled, waiting for /dev/random to
issue some numbers which will never come. Suggested correction like indicated there:
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue
is to compile sasl to use urandom.

Pro: wont stall anymore
Cons: a little less secure

Reproducible: Always
Steps to Reproduce:
1. emerge cyrus-imapd
2. load it on a server that doesn't generate enough entropy
3. wait ~60 days :)
Actual Results:  
Connections to imap server stalled; first time I corrected it by rebooting the
server, which gave back entropy; second time I tracked the problem down to
/dev/random not giving anything, and then found the url above and the
correction, immediately did the trick.

Expected Results:  
Imap server working normally

Comment 1 Arnaud Launay 2005-10-22 02:26:34 UTC

Created attachment 71181 [details, diff]
urandom patch for cyrus-sasl

Patch enclosed, against 2.1.21-r1 ebuild;
just adds the configure line to choose the random device.

Comment 2 Arnaud Launay 2005-10-22 02:28:20 UTC

Created attachment 71182 [details, diff]
urandom patch for cyrus-sasl

Patch enclosed, against 2.1.21-r1 ebuild;
just adds the configure line to choose the random device.

Comment 3 Arnaud Launay 2005-10-22 02:48:58 UTC

Yukes. Never post bugs before morning coffee...

*** This bug has been marked as a duplicate of 46038 ***