httpd-dev mailing list archives

From Ben Laurie <...@links.org>
Subject Re: how to avoid balancer manager nonce?
Date Sat, 01 Sep 2012 20:01:54 GMT
On Sat, Sep 1, 2012 at 8:13 PM, Jim Jagielski <jim@jagunet.com> wrote:
>
> On Sep 1, 2012, at 12:39 PM, Ben Laurie <ben@links.org> wrote:
>
>> On Sat, Sep 1, 2012 at 4:47 PM, Jim Jagielski <jim@jagunet.com> wrote:
>>> Another alternative would be to have the nonce also possibly
>>> set at config-time and, if unset, then use the uuid. That way
>>> it could also be used as a sort of shared-secret ;)
>>>
>>>        ProxySet nonce="applepie!"
>>>
>>> Longer term, I think that's a more "strategic" solution.
>>
>> What? Nonces are one-time use only, by definition.
>>
>
> Then we change the name from "nonce" to something else... Preventing
> or arguing against a solid, reliable fix and enhancement because
> it's called something is pretty bogus.

Sure, if it's not a nonce, fine by me. Is it not a nonce? What is its purpose?

> Or the other thing, other than renaming it, is to not be so
> pedantic... after all, how long did we have 'MaxRequestsPerChild'? ;)

Whatever. The core problem is that /dev/random blocks, and we've
already seen that working around this leads to problems.

>
>> Better, IMO, would be to either use insecure random, or, better still,
>> seed a PRNG from secure random once and use that from then on (for all
>> randomness).
>>
>> Or switch to FreeBSD where /dev/random does not block :-)
>>
>>> On Aug 31, 2012, at 2:14 PM, Stefan Fritsch <sf@sfritsch.de> wrote:
>>>
>>>> On Friday 31 August 2012, Eric Covener wrote:
>>>>> I'm fighting a problem on new releases of AIX where in some
>>>>> environments, /dev/random seems to run out of entropy way too
>>>>> quick.
>>>>>
>>>>> I'd like a way to suppress the apr_uuid_get->
>>>>> apr_generate_random_bytes() in mod_proxy_balancer used for the
>>>>> balancer-manager nonce in affected environments.
>>>>>
>>>>> I was thinking a global "BalancerManager off" could be used for
>>>>> this and would also have the upside of fixing the SetHandler
>>>>> htaccess problem.
>>>>>
>>>>> Alternatives would be to find a weaker source for the nonce, or
>>>>> allow to opt out / use a hard-coded one.
>>>>>
>>>>> Any suggestions?
>>>>
>>>> For 2.4, you could use ap_random_insecure_bytes(). It should be good
>>>> enough for a nonce.
>>>>
>>>> If you add a "BalancerManager off", it should be per directory, or at
>>>> least per vhost. Otherwise it would not help that much with the
>>>> SetHandler htaccess problem.
>>>>
>>>
>>
>
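
Added example, not part of the original message and not httpd or APR code: a Python sketch of the "seed a PRNG from secure random once and use that from then on" suggestion, following the HMAC_DRBG construction of NIST SP 800-90A without its reseed counter or personalization string. The names SeededOncePRNG and new_token are hypothetical, and mixing in the process id after a fork is an assumption about how a multi-process server would keep children from sharing a stream.

```python
import hashlib
import hmac
import os


class SeededOncePRNG:
    """HMAC_DRBG (SHA-256) core: one read from the OS source, then no more."""

    def __init__(self, seed=None):
        # The only time the OS entropy source is touched. `seed` is a
        # parameter only so tests can make the output reproducible.
        if seed is None:
            seed = os.urandom(48)
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._pid = os.getpid()
        self._update(seed)

    def _mac(self, data):
        return hmac.new(self._k, data, hashlib.sha256).digest()

    def _update(self, data=b""):
        # SP 800-90A HMAC_DRBG update: fold `data` into the key and state.
        self._k = self._mac(self._v + b"\x00" + data)
        self._v = self._mac(self._v)
        if data:
            self._k = self._mac(self._v + b"\x01" + data)
            self._v = self._mac(self._v)

    def random_bytes(self, n):
        # A forked child inherits the parent's state; mix in the new pid so
        # parent and child do not emit the same stream.
        pid = os.getpid()
        if pid != self._pid:
            self._pid = pid
            self._update(b"fork:" + str(pid).encode())
        out = b""
        while len(out) < n:
            self._v = self._mac(self._v)
            out += self._v
        self._update()  # so earlier output cannot be recomputed from later state
        return out[:n]


def new_token(prng):
    # 16 bytes, the size of a UUID, hex-encoded for use in a URL or form field.
    return prng.random_bytes(16).hex()
```

Every call after construction is pure computation, so token generation cannot stall on an entropy pool that has run dry; the trade-off is that all later output is only as good as the single seed read.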
