Issue 800520

Issue metadata

Status: Verified
Closed: Jan 2018
OS: Chrome
Pri: 3
Type: Bug



crosvm shouldn't expose /dev/random to VMs

Project Member Reported by vapier@chromium.org, Jan 9 2018

Issue description

following up to https://chromium-review.googlesource.com/603531

by exposing /dev/random to guests, we allow them to drain entropy from both the host OS and other guests. there's no reason to allow any VM to constantly read from /dev/random as urandom should satisfy all cases.
 
Comment 1 by bugdroid1@chromium.org, Jan 19 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform/crosvm/+/e56e045b18259399b424a0dd2cb8c53309478b71

commit e56e045b18259399b424a0dd2cb8c53309478b71
Author: Mike Frysinger <vapier@chromium.org>
Date: Fri Jan 19 01:40:52 2018

rng: switch to /dev/urandom

There's no need to provide direct access to /dev/random to all guests,
and we don't want them to be able to drain entropy from other VMs and
from the host itself.

BUG= chromium:800520 
TEST=precq passes

Change-Id: I94ea0755123ee7479ca83c07525ca870d42c637f
Reviewed-on: https://chromium-review.googlesource.com/872890
Commit-Ready: Mike Frysinger <vapier@chromium.org>
Tested-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Dylan Reid <dgreid@chromium.org>
Reviewed-by: Zach Reizner <zachr@chromium.org>

[modify] https://crrev.com/e56e045b18259399b424a0dd2cb8c53309478b71/devices/src/virtio/rng.rs

Comment 2 by dgreid@chromium.org, Jan 31 2018

Status: Verified (was: Available)
Components: OS>Systems>Containers
