[libvirt] [PATCH 08/10] virrandom: Make virRandomBits better
Michal Privoznik
mprivozn at redhat.com
Wed May 30 07:35:58 UTC 2018
On 05/29/2018 10:32 PM, Eric Blake wrote:
> On 05/29/2018 03:24 AM, Michal Privoznik wrote:
>> Now that we have strong PRNG generator implemented in
>> virRandomBytes() let's use that instead of gnulib's random_r.
>>
>> Problem with the latter is in way we seed it: current UNIX time
>> and libvirtd's PID are not that random as one might think.
>> Imagine two hosts booting at the same time. There's a fair chance
>> that those hosts spawn libvirtds at the same time and with the
>> same PID. This will result in both daemons generating the same
>> sequence of say MAC addresses [1].
>>
>> 1: https://www.redhat.com/archives/libvirt-users/2018-May/msg00097.html
>>
>> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
>> ---
>> src/util/virrandom.c | 63
>> ++--------------------------------------------------
>> 1 file changed, 2 insertions(+), 61 deletions(-)
>>
>
>> -static int
>> -virRandomOnceInit(void)
>> -{
>> - unsigned int seed = time(NULL) ^ getpid();
>> -
>> -#if 0
>> - /* Normally we want a decent seed. But if reproducible debugging
>> - * of a fixed pseudo-random sequence is ever required, uncomment
>> - * this block to let an environment variable force the seed. */
>> - const char *debug = virGetEnvBlockSUID("VIR_DEBUG_RANDOM_SEED");
>> -
>> - if (debug && virStrToLong_ui(debug, NULL, 0, &seed) < 0)
>> - return -1;
>
> Are we sure we don't need the ability to quickly compile in a
> deterministic replacement for debug in the future? I suppose there's
> always git history, but this particular #if 0 was left in place for a
> reason, where completely removing it makes it harder to realize that
> such debugging is even possible.
>
Well, what we can now do is to cook a mock library that would implement
gnutls_rnd() to return some deterministic number without any need to
recompile libvirt at all. Therefore I don't think we should leave #if 0
in. And frankly, until I looked into this file I did not even know we
have such option.
Michal
More information about the libvir-list
mailing list