concerning 760476
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Oct 28 09:59:41 UTC 2014
Hello,
I think that the bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760476
is more serious than it seems. By cups closing gnutls' /dev/urandom
descriptor, it makes gnutls read from whatever file is open and has
the same descriptor number in order to fill its random pool. In the
reported case we were lucky that the descriptor didn't allow read and
the issue was detected.
I think that the issue should be reassigned to cups and it should be
modified to close the known file descriptors (stdin/stdout/stderr)
instead of all open descriptors.
regards,
Nikos
PS. That issue helped uncover an unnecessary early refresh of
gnutls' random state, but applying this patch [0] would only postpone
the issue for a few hours (until the state needs to be refreshed again).
[0] https://gitorious.org/gnutls/gnutls/commit/a52184e8cddef9d812717db106334e0610b5438f