Bug#343085: exim4: Exim SMTP_AUTH hangs since today...
Sven Hartge
sven at svenhartge.de
Mon Jan 30 22:11:53 UTC 2006
At 23:04 on 30.01.06, Sven Hartge wrote:
> At 22:41 on 30.01.06, Florian Weimer wrote:
>> Sven Hartge:
>>> So, conclusion: No, the problem is not the gnutls-params file, but exim4
>>> using nearly each and every bit of entropy for a _single_ mail.
>> This is expected and is quite hard to fix properly. During your tests,
>> did Exim hang?
> No, it used /dev/urandom this time (which quite surprised me, since I used
> the same packages that were installed when Exim hung using /dev/random).
> It seems I have a little mixup here, so I will retest the situation with
> verified packages.
OK, with all those different packages patched and recompiled during the
last hours, I got a little knot in my brain.
So _of course_ it used /dev/urandom with your fix, as this was the whole
point of the patch.
(Forgive me for being a little slow sometimes.)
Question again: does this patch qualify for an update of the Exim4
packages in Sarge with the next point release?
I would even like to see a security update, since without this patch you
can remotely block a Debian-Exim mailserver by opening several SSL
connections and thus emptying the entropy pool, causing any further SSL
transaction of Exim4 to hang, because the unpatched tls-gnu.c uses
/dev/random for its RSA seed. (Is this summary correct?)
Regards,
Sven.
--
Sven Hartge -- professional Unix geek
My thoughts on the web: http://www.svenhartge.de/
Note, new mail address: sven at svenhartge.de
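
The difference between the two devices discussed in this message, as an added example that is not part of the original mail and is not Exim or GnuTLS code: `read_seed_bounded` (a hypothetical helper) opens a random device non-blocking and waits at most `timeout_ms` per stall, so a drained `/dev/random` shows up as a short read instead of a hung process. It assumes a Linux system; kernels of that period could block on `/dev/random`, while `/dev/urandom` does not block.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper: read n seed bytes from `path`. Whenever the device
 * would block, wait at most timeout_ms for it to become readable.
 * Returns the bytes read (n on success, fewer after a timeout), -1 on error. */
long read_seed_bounded(const char *path, unsigned char *buf, size_t n,
                       int timeout_ms)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;

    size_t got = 0;
    while (got < n) {
        ssize_t r = read(fd, buf + got, n - got);
        if (r > 0) { got += (size_t)r; continue; }
        if (r == 0) break;                      /* EOF, not expected here */
        if (errno == EINTR) continue;
        if (errno != EAGAIN) { close(fd); return -1; }

        /* The pool has nothing to give right now: bounded wait, no hang. */
        struct pollfd p = { .fd = fd, .events = POLLIN };
        int pr = poll(&p, 1, timeout_ms);
        if (pr == 0) break;                     /* timed out: short read */
        if (pr < 0 && errno != EINTR) { close(fd); return -1; }
    }
    close(fd);
    return (long)got;
}

int main(void)
{
    const char *sources[] = { "/dev/urandom", "/dev/random" };
    unsigned char seed[32];

    for (size_t i = 0; i < sizeof sources / sizeof sources[0]; i++) {
        long got = read_seed_bounded(sources[i], seed, sizeof seed, 200);
        printf("%-13s %ld of %zu bytes%s\n", sources[i], got, sizeof seed,
               (got >= 0 && (size_t)got < sizeof seed) ? " (would have blocked)" : "");
    }
    return 0;
}
```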