apr-dev mailing list archives

From Stas Bekman <s...@stason.org>
Subject non-availability of APR_HAS_RANDOM implications on security
Date Fri, 21 Mar 2003 02:52:25 GMT
I was looking at the actual usage of apr_generate_random_bytes in httpd/apr 
projects.

mod_auth_digest.c will refuse to build if APR_HAS_RANDOM is not available. 
Which is a clean solution.

However, apr-util/crypto/getuuid.c provides a *sort of* random implementation 
where APR_HAS_RANDOM is not available in two functions. In true_random() 
we have this nice note:

/* crap. this isn't crypto quality, but it will be Good Enough */

This seems fishy: a user that doesn't have the random library installed may 
falsely think that his apps are safe, since apr-util does absolutely nothing 
in order to warn the user of a potential problem. Unless I'm missing it.

I'd suggest to refuse to compile, till a user explicitly provides a flag 
saying: --I_do_not_care_about_security, which may trigger some action on their 
behalf if they are going to use this function. Maybe we shouldn't make it too 
hard on the users who don't use these functions, so instead we could have a 
run-time assertion, which will be disabled if re-compiled with 
--I_do_not_care_about_security.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com
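
The two guards proposed in the message above, as an added example that is not part of the original message or of APR's code. Assumptions: `HAS_STRONG_RANDOM` stands in for `APR_HAS_RANDOM`, `ALLOW_WEAK_RANDOM` and `STRICT_BUILD` are hypothetical build macros standing in for the proposed opt-in flag, `/dev/urandom` is the strong source, and the run-time check returns an error code rather than asserting.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed names: HAS_STRONG_RANDOM stands in for APR_HAS_RANDOM,
 * ALLOW_WEAK_RANDOM for the opt-in flag proposed in the message. */
#ifndef HAS_STRONG_RANDOM
#define HAS_STRONG_RANDOM 1
#endif
#ifdef ALLOW_WEAK_RANDOM
#define WEAK_OPT_IN 1
#else
#define WEAK_OPT_IN 0
#endif
/* Build-time guard (hypothetical STRICT_BUILD): refuse to compile. */
#if defined(STRICT_BUILD) && !HAS_STRONG_RANDOM && !WEAK_OPT_IN
#error "no strong random source: define ALLOW_WEAK_RANDOM to accept the weak fallback"
#endif

typedef enum { RNG_STRONG, RNG_WEAK, RNG_REFUSED, RNG_IO_ERROR } rng_result;

/* Run-time guard: fail closed unless a strong source exists or the
 * builder explicitly opted in to the weak fallback. */
rng_result fill_random(unsigned char *buf, size_t len,
                       int has_strong, int weak_opt_in)
{
    if (has_strong) {
        FILE *f = fopen("/dev/urandom", "rb"); /* assumed strong source */
        if (f == NULL) return RNG_IO_ERROR;
        size_t got = fread(buf, 1, len, f);
        fclose(f);
        return got == len ? RNG_STRONG : RNG_IO_ERROR;
    }
    if (!weak_opt_in) {
        memset(buf, 0, len); /* hand back nothing that looks random */
        return RNG_REFUSED;
    }
    /* Not crypto quality: reached only after the explicit opt-in. */
    for (size_t i = 0; i < len; i++)
        buf[i] = (unsigned char)(rand() & 0xff);
    return RNG_WEAK;
}

int main(void)
{
    unsigned char key[16];
    rng_result r = fill_random(key, sizeof key, HAS_STRONG_RANDOM, WEAK_OPT_IN);
    printf("result=%d (0 strong, 1 weak, 2 refused, 3 I/O error)\n", (int)r);
    return (r == RNG_STRONG || r == RNG_WEAK) ? 0 : 1;
}
```

Because the caller receives `RNG_WEAK` as a distinct result, code that needs crypto-quality bytes can reject it even when the build opted in.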

