Technology news and Jobs arrow Our Blogs arrow Open Sauce arrow Debian's worst nightmare - and how it came about
Debian's worst nightmare - and how it came about E-mail
by Sam Varghese   
Friday, 23 May 2008
Page 1 of 3
The Debian GNU/Linux project has just endured what is probably its worst week on the security front in the 15 years of its existence following the disclosure on May 13 of a serious vulnerability in the distribution's OpenSSL package.

Featured Whitepaper

5 Best Practices for Smartphone Support

In the days since, there has been scathing criticism, some thoughtful analysis and quite a bit of discussion, both within and outside the project, about the how and why of the vulnerability.

(Disclosure: I have been a Debian user for the last eight years and currently run the AMD64, x86 and MIPS ports of the distribution).

What made the situation even worse was the fact that the bug was introduced as a result of a Debian-specific change made in September 2006.

This change resulted in the random number generator in the OpenSSL package being predictable. Key generation was limited to about 32000 different unique keys, a rather small space when it comes to brute-force searches.

Within OpenSSL, the valgrind memory management profiler can use uninitialised memory as a potential source of entropy/randomness; the change introduced by the Debian developer removed two lines of code, with his intention being that the profiler would stop complaining about the improper use of uninitialised memory.

While this was achieved, the removal of the second line also removed all sources of entropy apart from the process ID which limited the number of unique keys to that given above.

There are a few things to be noted here. The Debian developer in question, Kurt Roeckx, sent a message to the openssl-dev mailing list on May 1, 2006, titled "Random number generator, uninitialised memory and valgrind", proposing the changes which he wanted to make - the commenting out of the two lines of code. He also mentioned that he had no idea what effect this would have on the random number generator.

(It must be noted that the two lines of code were similar - and the removal of the first actually did away with mixing uninitialised memory into the pool. The developer assumed that the second occurrence did the same function as the first and removed it as well. That caused the problem. Neither line of code was commented in the original source.)

In reply, OpenSSL developer Ulf Moller responded that if it helped with debugging, then he was in favour of removing the two lines.


<< First page <   1 2 3 Next page > Last page - Post your comment >>
 
< Next story in category   Previous story in the category >
iTWire user statistics Visitors last 30 days
 694,279
Subscribers 15,210
#1 independent technology news advertise here
  •   *  
  • Search
  • AdvSeach
  • Login
  • Events
  • FreeStuff

- Advertisement -

Featured Whitepapers

...More

Today on iTWireToday on iTWire

Latest news
Open Sauce - A GNU perspective Subscribe to the RSS
Open Sauce focuses on the wonderful, wacky world of free and open source software where people write great applications and actually allow others to use them without payment.
Follow iTWire on Twitter

About iTWire

iTWire is all about technology news, information, jobs and community for the IT and telecommunications industry professional. Subscribe to our free ICT daily newsletter

iTWire and you

Contact , Register , Links , About iTWire , Feedback , Post your jobs , Events , iTWire site map , Start Blogging , MyBlogLog page , Advertise with iTWire , Subscribe to SMS headlines , White Papers