vserver Howto/FAQ

Vservers can write to /dev/random, is this a problem?

I found the following post on linux-kernel, which states:

No, writing to /dev/random does not update the entropy estimate. It does mix data into the pool, but the mixing algorithm is designed so that you can do no harm by mixing any data into the pool --- even nasty data chosen by an attacker. Hence, allowing someone to write into /dev/random is perfectly safe; it can cause no damage, and might improve things. That's why /dev/random should be world-writable. There is a separate ioctl which requires root privs to atomically mix data into the pool and update the entropy estimate. That's the interface which is supposed to be used by trusted daemons which pull data from various hardware devices, and feed them into /dev/random.

So writing is safe. What about ioctls? Some of them can indeed influence the entropy pool, but they are already protected by the CAP_SYS_ADMIN capability, so even root in a virtual private server can't use them.
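
To check this from inside a guest, the program below can be run as the guest's root. It is an added example, not part of the original FAQ or of the vserver code; the function names are made up for illustration and it assumes a Linux system with the kernel headers installed. It does a plain write, reads the entropy estimate before and after, then tries the privileged RNDADDENTROPY ioctl while crediting 0 bits, so the estimate is left untouched even where the call is allowed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <linux/random.h>

/* Kernel entropy estimate in bits (unprivileged RNDGETENTCNT), -1 on error. */
int entropy_estimate(int fd) {
    int bits;
    return ioctl(fd, RNDGETENTCNT, &bits) == 0 ? bits : -1;
}

/* Try the privileged "mix and credit" ioctl while crediting 0 bits, so the
 * estimate is not changed even if the call is allowed.
 * Returns 0 if allowed, the errno if refused, -1 if path cannot be opened. */
int probe_add_entropy(const char *path) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    struct rand_pool_info *req = calloc(1, sizeof *req + sizeof(__u32));
    if (!req) { close(fd); return -1; }
    req->entropy_count = 0;              /* credit nothing */
    req->buf_size = sizeof(__u32);       /* one constructed sample word */
    req->buf[0] = 0x12345678;
    int rc = ioctl(fd, RNDADDENTROPY, req) == 0 ? 0 : errno;
    free(req); close(fd);
    return rc;
}

/* 1 = caller can credit entropy, 0 = refused with EPERM, -1 = inconclusive. */
int can_credit_entropy(int probe_result) {
    if (probe_result == 0) return 1;
    return probe_result == EPERM ? 0 : -1;
}

int main(void) {
    int fd = open("/dev/random", O_WRONLY);
    if (fd < 0) { perror("/dev/random"); return 2; }
    int before = entropy_estimate(fd);
    ssize_t n = write(fd, "constructed sample input", 24); /* mixed, not credited */
    int after = entropy_estimate(fd);
    close(fd);
    printf("write returned %zd, estimate %d -> %d bits\n", n, before, after);
    int verdict = can_credit_entropy(probe_add_entropy("/dev/random"));
    printf("RNDADDENTROPY: %s\n", verdict == 1 ? "allowed (CAP_SYS_ADMIN held)"
           : verdict == 0 ? "refused with EPERM" : "inconclusive");
    return verdict == 1;
}
```

The estimate can still move between the two readings because the kernel collects entropy from other sources in the meantime. A non-zero exit status of 1 means the caller was allowed to use the crediting ioctl.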