Bug#387448: empty entropy pool leads to DOS

Sat Sep 16 16:09:35 UTC 2006

On 16 Sep 2006, at 15:39, Andreas Metzler wrote:

> Hello,
> Do you have gnutls-bin installed at all?
>
> The only thing causing exim to block on STARTTLS is key and dh-param
> generation. Both is done offline (/etc/cron.daily/exim4-base invoking
> /usr/share/exim4/exim4_refresh_gnutls-params which uses certtool).

I noticed that gnutls-bin was "suggested" after the maintainer reply.  
Since I already have openssl installed, I simply ignored the  
suggestion. I'm happy the parameters can be generated outside of  
exim, as this downgrades the severity (somewhat) of the problem.

Upstream quickly tagged as this as "can't be done": I'd say this  
simply wrong. Everything can be done, provided enough time is given.  
Generating the keys outside of exim is one solution, and it's already  
implemented. If exim insists on supporting keys generation in  
STARTTLS, special handling MUST be implemented to avoid the DoS  
condition, because generating keys IS supposed to wait indefinitely.  
IMHO, refusing to generate the keys on-the-fly and emitting a  
temporary local problem until the keys are ready avoids the race  
without requiring heavy modifications on the exim side. The other  
peer can always refuse to initiate the transfer until tls is ready.  
Until this is fixed, exim supports flawed behavior. This is not  
debian related however, so I'll manage with upstream directly.

About Debian. Since the race _can_ be avoided (my bad I didn't  
notice), I'd say that it's a priority to inform users enough. A  
simple Suggest isn't enough, as proven by the reports already filed.

Maybe examples/exim-gencert in exim4-base should call the cron job in  
order to generate the keys immediately. README.Debian, instead of  
suggesting to check /dev/random, should inform that generation of  
keys in STARTTLS is subject to dossability, and thus, when setting up  
TLS and generating the certificates, the relative keys should be  
generated immediately too (this should be enough since README.Debian  
is referenced in main/03_exim4-config_tlsoptions), mentioning that  
gnutls-bin is _required_ to perform the task.

Also note that openssl can be used to generate the keys (in fact, I'm  
using openssl now), which is a problem less.
Maybe the Suggest: can also be raised to a Recommend too.