Bug 307983

Summary:	app-shells/mksh likes to try to write to /dev/urandom
Product:	Gentoo Linux	Reporter:	Patrick Lauer <patrick>
Component:	New packages	Assignee:	Hanno Böck <hanno>
Status:	RESOLVED FIXED
Severity:	normal	CC:	gentoo, t.glaser
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Patch for arc4random.c.1.14

Description Patrick Lauer gentoo-dev

2010-03-06 09:11:02 UTC

>>> Compiling source in /var/tmp/portage/sys-devel/m4-1.4.14/work/m4-1.4.14 ...
 * econf: updating m4-1.4.14/build-aux/config.sub with /usr/share/gnuconfig/config.sub
 * econf: updating m4-1.4.14/build-aux/config.guess with /usr/share/gnuconfig/config.guess
./configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconf
dir=/etc --localstatedir=/var/lib --libdir=/usr/lib64 --enable-changeword
ACCESS DENIED  open_wr:      /dev/urandom
ACCESS DENIED  open_wr:      /dev/urandom

[snip]


F: open_wr
S: deny
P: /dev/urandom
A: /dev/urandom
R: /dev/urandom
C: /bin/sh -c fail= failcom='exit 1'; \
for f in x $MAKEFLAGS; do \
  case $f in \
    *=* | --[!k]*);; \
    *k*) failcom='fail=yes';; \
  esac; \
done; \
dot_seen=no; \
target=`echo all-recursive | sed s/-recursive//`; \
list='. examples lib src doc checks tests'; for subdir in $list; do \
  echo "Making $target in $subdir"; \
  if test "$subdir" = "."; then \
    dot_seen=yes; \
    local_target="$target-am"; \
  else \
    local_target="$target"; \
  fi; \
  (CDPATH="${ZSH_VERSION+.}:" && cd $subdir && make  $local_target) \
  || eval $failcom; \
done; \
if test "$dot_seen" = "no"; then \
  make  "$target-am" || exit 1; \
fi; test -z "$fail" 
--------------------------------------------------------------------------------

>>> Failed to emerge sys-devel/m4-1.4.14

Portage 2.2_rc65 (default/linux/amd64/10.0/desktop, gcc-4.4.3, glibc-2.11-r1, 2.6.32-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.32-gentoo-r6-x86_64-AMD_Phenom-tm-_9950_Quad-Core_Processor-with-gentoo-2.0.1
Timestamp of tree: Unknown
ccache version 2.4 [disabled]
app-shells/bash:     4.1_p2
dev-java/java-config: 2.1.10
dev-lang/python:     2.6.4-r1, 3.1.1-r1
dev-python/pycrypto: 2.1.0
dev-util/ccache:     2.4-r8
dev-util/cmake:      2.8.0-r2
sys-apps/baselayout: 2.0.1
sys-apps/openrc:     0.6.0-r1
sys-apps/sandbox:    2.2
sys-devel/autoconf:  2.13, 2.65
sys-devel/automake:  1.8.5-r4, 1.9.6-r3, 1.10.3, 1.11.1
sys-devel/binutils:  2.20-r1
sys-devel/gcc:       4.4.3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.32
ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-O2 -march=k8 -pipe -ggdb"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c"
CXXFLAGS="-O2 -march=k8 -pipe -ggdb"
DISTDIR="/usr/portage/distfiles"
FEATURES="assume-digests buildpkg collision-protect distlocks fixpackages news parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-logs unmerge-orphans userfetch"
GENTOO_MIRRORS="http://distfiles.gentoo.org"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/home/pal/code/gentoo-x86/"
PORTDIR_OVERLAY="/usr/local/portage/layman/x11 /usr/local/portage/layman/qting-edge /usr/local/portage/layman/Spring /home/pal/code/kde"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="3dnow 3dnowext X a52 aac aalib acl acpi alsa amd64 berkdb bluetooth branding bzip2 cairo cdio cdparanoia cdr cli consolekit cracklib crypt cups curl cxx dbus dga directfb dri dts dv dvd dvdr eds emboss encode evo extras fam firefox flac fortran ftp fts3 gdbm ggi gif gpm iconv ipv6 ithreads jack jpeg jpeg2k kde kpathsea ladspa lcms libnotify lzo mad md5sum mikmod mmx mmxext mng modules mp2 mp3 mp4 mpeg mudflap multilib musepack nas ncurses networkmanager nls nptl nptlonly objc ogg openal opengl openmp pam pcre pdf perl png pnm policykit ppds pppd python qt3support qt4 quicktime rar readline reflection rtc sasl sdl secure-delete semantic-desktop session slang speex spell spl sqlite sse sse2 ssl startup-notification svg sysfs tcpd tga theora thunar tiff truetype unicode usb v4l2 vorbis webkit x264 xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="vga radeon" 
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Patrick Lauer gentoo-dev

2010-03-06 09:18:57 UTC

Ok, I tracked this one down to a change I made yesterday, which makes pretty much all packages fail to emerge.

I changed the /bin/sh symlink to /bin/mksh, which is app-shells/mksh

Setting it back to /bin/bash "fixes" the build issues

Comment 2 Zac Medico gentoo-dev

2010-03-06 10:02:22 UTC

We used to have a SANDBOX_PREDICT for /dev/random (not urandom) in portage, but it's been removed since bug 258684. I don't see a corresponding entry in /etc/sandbox.conf from sandbox-2.2 though. Maybe we should do both random and urandom?

Comment 3 SpanKY gentoo-dev

2010-03-06 21:46:58 UTC

dont write to /dev/urandom

Comment 4 Thorsten Glaser 2010-06-30 07:33:56 UTC

This is actually the arc4random.c.1.14 source file. Writes to /dev/urandom
are harmless, they’re denied if not root (sadly, except on Win32 and MirBSD,
there is no defined way to add entropy to the pool as non-root) anyway, and
if root, added into the pool in a way that doesn’t do harm. (I actually read
the implementation of /dev/*random.)

However, if you must prevent this by policy, remove the following lines from
the arc4random.c.1.14 file:

    370         int fd;
    371 
    372         if ((fd = open(__randomdev, O_WRONLY)) != -1) {
    373                 if (write(fd, buf, len) < 4)
    374                         do_rd = 1;
    375                 close(fd);
    376         }
    377         return (do_rd || fd == -1 ? 0 : 1);

Replace with:

return (0);


You should consider upgrading to arc4random.c.1.27 anyway (which
would need the same patch).

Comment 5 Fabian Köster 2010-07-01 09:30:54 UTC

Created attachment 237117 [details, diff]
Patch for arc4random.c.1.14

Adding a patch for version 1.14 oof arc4random.c

Comment 6 Fabian Köster 2010-07-01 09:46:02 UTC

I can verify that the attached patch works. What I did:

1.) emerge mksh-39c (from portage)
2.) Link /bin/sh to mksh
3.) emerge sys-devel/m4 => FAILS with messages "ACCESS DENIED open_wr: /dev/urandom"
4.) emerge mksh-39c-r1 (with patch)
5.) emerge sys-devel/m4 => WORKS without errors.

Hanno, can you please include this patch into main tree?

Thorsten, which improvements were made in arc4random.c.1.27 compared to 1.14?

Comment 7 Thorsten Glaser 2010-07-01 09:47:48 UTC

Diff: https://www.mirbsd.org/cvs.cgi/contrib/code/Snippets/arc4random.c.diff?r1=1.14;r2=1.27

CVSweb: https://www.mirbsd.org/cvs.cgi/contrib/code/Snippets/arc4random.c

Comment 8 Fabian Köster 2010-07-08 21:45:19 UTC

Hanno is not responding...

Patrick, are you able to upload the attached patch to partage?

Comment 9 Thorsten Glaser 2010-07-09 13:01:33 UTC

mksh R40 will not use arc4random at all any more (at least not on systems
other than OpenBSD-derived ones), since it’s sometimes too expensive, e.g.
on Debian/m68k, as a speed-up. These OSes do ASLR anyway, which we can use
to seed $RANDOM, it was never intended for crypto anyway and is only 15 bit
output and 32 bit internal wide as well.

There’s no plan when R40 will come out though, don’t hold your breath for it.

Comment 10 Patrick Lauer gentoo-dev

2010-07-11 12:03:03 UTC

+  11 Jul 2010; Patrick Lauer <patrick@gentoo.org> mksh-39c.ebuild,
+  +files/mksh-39c-urandom-write.patch:
+  Fix for #307983, thanks to Fabian Koester


Danke!