bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

From:	Richard Copley
Subject:	bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date:	Thu, 31 Dec 2015 20:44:18 +0000

>> >> What Demetri has just described is what I would do.
>> >
>> >Now I'm confused: do what?
>>
>> As I understand it: Provide a function callable from lisp that returns
>> a cryptographically secure sequence of random bytes, of a specified
>> length. Use that function to generate the server secret.
>
> That's what my patch does.

A separate function from "random".

>> >We still need to support 'random' with an
>> >argument, so we cannot get rid of seeding a PRNG with a known value.
>> >And I didn't want to remove srandom.
>>
>> Given the above, we could leave "random", etc., as they are, or we
>> could use a better PRNG and/or seed with system entropy. It would
>> no longer be tied up with this issue report.
>
> Patches welcome, as I said already.

You asked me a question.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/01
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/01
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/01
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley <=
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/15
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/01
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/01
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Paul Eggert, 2016/01/17
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Paul Eggert, 2016/01/17
    - Message not available
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Andy Moreton, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, John Wiegley, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/18

Prev by Date: bug#21771: 25.0.50; Can't customize whitespace-display-mappings
Next by Date: bug#20265: 24.5; Corrupted mode-line with :box attribute set
Previous by thread: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Next by thread: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Index(es):
- Date
- Thread