
system: use getrandom() and fallback on urandom if syscall doesn't work

Open illwieckz opened this issue 1 year ago • 4 comments

Sometimes with less common compilers I get an error about getrandom syscall failures, but we already have an alternate implementation. It happens that the check is currently done at build time, but then even if the headers are there, it may fail at run time. So we technically can try the syscall, then the urandom read if the syscall fails.

What I don't know, though, is whether doing that reduces security or not.

illwieckz avatar Sep 06 '24 13:09 illwieckz

Sometimes with less common compilers I get an error about getrandom syscall failures

Why would it change depending on the compiler?

slipher avatar Sep 06 '24 14:09 slipher

I have no idea. I get this kind of error, for example, when:

  • I build with Zig
  • I build with ICC on Ubuntu Noble and run on Ubuntu Noble

Even funnier: building with ICC from Ubuntu 24.04 Noble (bind mount on the compiler folder) in an Ubuntu 22.10 Kinetic chroot inside Ubuntu Noble and running on Ubuntu Noble doesn't reproduce the error…

I guess some libc mismatch or things like that may happen…

illwieckz avatar Sep 06 '24 14:09 illwieckz

I noticed that if I do getrandom(dest, size, GRND_NONBLOCK) instead of syscall(SYS_getrandom, dest, size, GRND_NONBLOCK), it works on ICC and Zig too. And getrandom is expected to be the same syscall. So I guess the error was due to a weird library issue.

Anyway, I investigated more, and the getrandom syscall also uses /dev/urandom; the only difference from reading /dev/urandom directly is that the getrandom syscall with GRND_NONBLOCK is not blocking. So there should not be any security issue in reading /dev/urandom as a fallback.

I also don't know what this randomness is for, but such a fallback can't harm.

For reference here is the PR that added the feature:

  • https://github.com/DaemonEngine/Daemon/pull/4

Discussion happened there:

  • https://github.com/Unvanquished/Unvanquished/pull/963

Actually, the only expected situation where the syscall would not work is if the kernel is 10 years old, which is unlikely, but in case we again face a weird bug like the one I faced, it looks harmless to keep the fallback.

Edit: Also I noticed my initial code had an obvious bug, it was doing the fallback only if it succeeded… 🤦‍♀️️ It's now fixed.

illwieckz avatar Sep 12 '24 00:09 illwieckz

Just for the knowledge, the error I was getting before with syscall(SYS_getrandom, …) was “Invalid argument”, so EINVAL.

illwieckz avatar Sep 12 '24 01:09 illwieckz
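The run-time fallback discussed in the two comments above, written out as an added example; it is not code from this thread or from the Daemon code base. The function names are hypothetical, and it assumes Linux with a libc that ships `<sys/random.h>`.

```c
#define _GNU_SOURCE            /* for O_CLOEXEC under strict -std modes */
#include <errno.h>
#include <fcntl.h>
#include <sys/random.h>        /* getrandom(), GRND_NONBLOCK */
#include <sys/types.h>
#include <unistd.h>

/* Try the getrandom() libc wrapper. 0 = buffer filled, -1 = caller should fall back. */
static int fill_from_getrandom(unsigned char *buf, size_t len)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = getrandom(buf + done, len - done, GRND_NONBLOCK);
        if (n > 0)
            done += (size_t)n;            /* short returns are legal */
        else if (n < 0 && errno == EINTR)
            continue;                     /* interrupted by a signal: retry */
        else
            return -1;                    /* ENOSYS, EAGAIN, EINVAL, ... */
    }
    return 0;
}

/* Read from the /dev/urandom device node instead of the syscall. */
static int fill_from_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    size_t done = 0;
    while (done < len) {
        ssize_t n = read(fd, buf + done, len - done);
        if (n > 0)
            done += (size_t)n;
        else if (!(n < 0 && errno == EINTR))
            break;                        /* EOF or hard error */
    }
    close(fd);
    return done == len ? 0 : -1;
}

/* Decided at run time; never reports success with a partly filled buffer. */
int fill_random(unsigned char *buf, size_t len)
{
    return fill_from_getrandom(buf, len) == 0 ? 0 : fill_from_urandom(buf, len);
}

int main(void) { unsigned char k[16]; return fill_random(k, sizeof k) == 0 ? 0 : 1; }
```

With `GRND_NONBLOCK`, `getrandom()` fails with `EAGAIN` while the kernel pool is still uninitialized, whereas a read of `/dev/urandom` returns data anyway, so this fallback also covers that early-boot case. A caller generating long-lived key material can treat `EAGAIN` as an error instead of falling back.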

LGTM

slipher avatar Oct 30 '24 17:10 slipher