Closed
Bug 455829
Opened 16 years ago
Closed 16 years ago
Please use /dev/urandom instead of /dev/random on Linux
Categories
(NSPR :: NSPR, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
4.7.2
People
(Reporter: glandium, Assigned: glandium)
References
Details
Attachments
(1 file, 1 obsolete file)
1.60 KB,
patch
|
wtc
:
review+
|
Details | Diff | Splinter Review |
We've go several people reporting that iceweasel would freeze at startup on some appliances of the web kiosk kind that just boot up to iceweasel almost directly, until some mouse movements occur and/or keys are pressed. This is due to the fact that Linux's /dev/random uses mouse and keys to get some entropy, and /dev/random blocks when it doesn't have enough entropy. /dev/urandom is a (weaker) version that doesn't block. /dev/urandom is actually used in NSS already. Anyways, I see two possibilities, here, one of which I am sending a patch for. Please tell me if you'd prefer the other approach. - Use /dev/urandom on Linux (BSD variants have already a non blocking (weak) RNG on /dev/random) - Use clock_gettime() to get a real high resolution clock response, but that would depend on the resolution (clock_getres()) ; high resolution clock is quite recent in linux iirc.
Attachment #339195 -
Flags: review?(wtc)
Comment 1•16 years ago
|
||
Comment on attachment 339195 [details] [diff] [review] Patch This fix is good. We should make this change unconditionally, rather than with #ifdef LINUX. Perhaps OpenDevRandom and fdDevRandom should be renamed accordingly. I'm more concerned about the code that's calling PR_GetRandomNoise. The output of PR_GetRandomNoise should only be used to seed a pseudorandom number generator (PRNG). PR_GetRandomNoise must not be used as a PRNG directly.
Attachment #339195 -
Flags: review?(wtc) → review-
Assignee | ||
Comment 2•16 years ago
|
||
Doesn't seem to be much problem... http://mxr.mozilla.org/firefox/search?string=PR_GetRandomNoise&tree=firefox
Assignee | ||
Comment 3•16 years ago
|
||
How about this ?
Assignee: wtc → mh+mozilla
Attachment #339195 -
Attachment is obsolete: true
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #339296 -
Flags: review?(wtc)
Updated•16 years ago
|
Attachment #339296 -
Flags: review?(wtc) → review+
Comment 4•16 years ago
|
||
Comment on attachment 339296 [details] [diff] [review] Patch v2 r=wtc. Thanks.
Comment 5•16 years ago
|
||
Wan-Teh, I think there may be disagreement about whether or not the switch to /dev/urandom should be made "unconditionally, rather than with #ifdef LINUX."
Comment 6•16 years ago
|
||
Mike, could you find the iceweasel code that calls PR_GetRandomNoise? Unless it uses the PR_GetRandomNoise output to seed a PRNG, it is using PR_GetRandomNoise incorrectly and it needs to be changed. Nelson, in spite of the documentation (http://developer.mozilla.org/en/PR_GetRandomNoise http://mxr.mozilla.org/nspr/source/nsprpub/pr/include/prrng.h#53) people use PR_GetRandomNoise incorrectly as a PRNG. In fact, I doubt there is any code that uses PR_GetRandomNoise as intended (to seed a PRNG). This is why switching to /dev/urandom is a good solution.
Assignee | ||
Comment 7•16 years ago
|
||
(In reply to comment #6) > Mike, could you find the iceweasel code that calls PR_GetRandomNoise? > Unless it uses the PR_GetRandomNoise output to seed a PRNG, it is > using PR_GetRandomNoise incorrectly and it needs to be changed. See comment #2. (There are no differences between iceweasel and firefox introducing uses of PR_GetRandomNoise)
Assignee | ||
Comment 8•16 years ago
|
||
Anyways, please note that I'm waiting feedback as whether the patch really addresses the freezing issue.
Comment 9•16 years ago
|
||
There are three callers of PR_GetRandomNoise in the Mozilla source tree outside of NSPR: 1) Use of PR_GetRandomNoise in nsUUIDGenerator.cpp was discussed in bug 279521. 2) nsMetricsService.cpp uses the "noise" to stagger update requests randomly - it doesn't really care that the numbers might not be sufficiently random. 3) nsXFormsXPathFunctions::Random passes the return value of PR_GetRandomNoise to srand().
Comment 10•16 years ago
|
||
Mike, Gavin, thanks for finding the users of PR_GetRandomNoise. Among them, only nsMetricsService.cpp is using PR_GetRandomNoise incorrectly. It uses PR_GetRandomNoise directly to generate a random 32-bit number. The problem of using PR_GetRandomNoise as a PRNG is that the output of PR_GetRandomNoise, although random, may not be uniformly distributed. This is why we need to feed it to a PRNG to "whiten" the output.
Assignee | ||
Comment 11•16 years ago
|
||
I can confirm the patch solved the freezing problem for the people reporting it. I don't know what codepath was used then, though.
Assignee | ||
Comment 12•16 years ago
|
||
And the code path leading to the freeze was through nsUUIDGenerator.
Comment 14•16 years ago
|
||
Please also see bug 455829 (with 5 votes), as this seems to be a duplicate. A patch would be greatly appreciated as it seems to affect LTSP setups on a critical level (Firefox won't launch for *anyone* after 2-4 users launch it on the network).
Comment 15•16 years ago
|
||
Heh, there IS a patch! Ok, I'll try and test it out.
Comment 16•16 years ago
|
||
I checked in the patch on the NSPR trunk (NSPR 4.7.2). Checking in uxrng.c; /cvsroot/mozilla/nsprpub/pr/src/md/unix/uxrng.c,v <-- uxrng.c new revision: 1.22; previous revision: 1.21 done
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Target Milestone: --- → 4.7.2
See Also: → https://launchpad.net/bugs/269188
You need to log in
before you can comment on or make changes to this bug.
Description
•