
[SECURITY] Truncation attack

Open tarcieri opened this issue 3 months ago • 0 comments

The following line: https://github.com/veorq/oee/blob/7b60330/oee.rs#L15

...may perform a partial write to the underlying file.

If the attacker can manipulate the underlying kernel object to ensure the entire write will not complete, only some of the randomness will be written to the file. This can be potentially catastrophic if the randomness is being used as a cryptographic key.

To solve the issue, write_all should be used instead.

tarcieri, Dec 02 '25 01:12
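The partial-write behaviour the issue describes, as an added example that is not code from the oee repository: a single `write` call with its byte count discarded silently stores a truncated key, while `write_all` either stores every byte or returns an error. `ShortWriter`, `store_with_write`, `store_with_write_all` and `run` are hypothetical names, and the 32-byte key is a constructed sample value.

```rust
use std::io::{self, Write};

/// Constructed stand-in for a file whose writes complete only partially:
/// accepts at most `per_call` bytes per call and `capacity` bytes in total.
struct ShortWriter {
    data: Vec<u8>,
    per_call: usize,
    capacity: usize,
}

impl Write for ShortWriter {
    fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
        let room = self.capacity - self.data.len();
        let n = buf.len().min(self.per_call).min(room);
        self.data.extend_from_slice(&buf[..n]);
        Ok(n) // may be fewer than buf.len(), which the Write contract allows
    }
    fn flush(&mut self) -> io::Result<()> { Ok(()) }
}

/// Pattern the issue warns about: one `write` call, byte count discarded.
fn store_with_write<W: Write>(w: &mut W, key: &[u8]) -> io::Result<()> {
    let _ = w.write(key)?;
    Ok(())
}

/// Fix proposed in the issue: `write_all` loops until every byte is written
/// or returns an error (ErrorKind::WriteZero if the writer stops accepting data).
fn store_with_write_all<W: Write>(w: &mut W, key: &[u8]) -> io::Result<()> {
    w.write_all(key)
}

/// Runs one of the two store functions against a ShortWriter and returns
/// the result together with the number of bytes that actually landed.
fn run(per_call: usize, capacity: usize, use_write_all: bool) -> (io::Result<()>, usize) {
    let key = [0xA5u8; 32]; // constructed sample "key", not real randomness
    let mut w = ShortWriter { data: Vec::new(), per_call, capacity };
    let res = if use_write_all { store_with_write_all(&mut w, &key) } else { store_with_write(&mut w, &key) };
    (res, w.data.len())
}

fn main() {
    for (per_call, cap, all) in [(8, 64, false), (8, 64, true), (8, 16, true)] {
        let (res, n) = run(per_call, cap, all);
        println!("write_all={} per_call={} capacity={}: {:?}, {}/32 bytes stored", all, per_call, cap, res, n);
    }
}
```

The first case returns `Ok(())` with only 8 of 32 bytes stored, which is the silent truncation; the third shows `write_all` surfacing the failure instead of leaving a short key behind unnoticed.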