Re: [libvirt] [PATCH] conf: Drop restrictions on rng backend path
On Wed, Apr 20, 2016 at 06:19:25PM -0400, Cole Robinson wrote:
Currently we only allow /dev/random and /dev/hwrng as host input
for <rng><backend model='random'/> device. This was added after
various upstream discussions in commit 4932ef45
However this restriction has generated quite a few complaints over
the years, so a new discussion was initiated:
http://www.redhat.com/archives/libvir-list/2016-April/msg00987.html
Several people suggested removing the restriction, and nobody really
spoke up to defend it. So this patch drops the path restriction
entirely
ACK, despite explicit request for details, no one has been able to
give a clear description of a security problem in using urandom.
It has all just been hand-wavey assertions with nothing to back
it up, against other people's analysis showing urandom to be safe.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|