Slashdot Mirror


FreeBSD-Current Random Number Generator Broken

First time accepted submitter bobo the hobo writes: The FreeBSD random number generator has been discovered to be generating possibly predictable SSH keys and SSL certificates for months. Time to regenerate your keys and certs if using FreeBSD-Current. A message to the freebsd-current mailing list reads in part: "If you are running a current kernel r273872 or later, please upgrade your kernel to r278907 or later immediately and regenerate keys. I discovered an issue where the new framework code was not calling randomdev_init_reader, which means that read_random(9) was not returning good random data. read_random(9) is used by arc4random(9) which is the primary method that arc4random(3) is seeded from."
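The revision window in the quoted message can be checked mechanically. The script below is an added example, not code from the original post or from the FreeBSD project; it assumes the kernel version string has the `uname -v` layout of an SVN-built kernel (`#<build> r<revision>`), and the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a kernel version string against the revision
# window quoted in the freebsd-current message.
FIRST_BAD=273872     # "r273872 or later" is affected (from the message)
FIRST_FIXED=278907   # "r278907 or later" is fixed (from the message)

# Constructed sample strings in the assumed `uname -v` layout.
SAMPLE_AFFECTED='FreeBSD 11.0-CURRENT #3 r275000M: Mon Dec  1 10:00:00 UTC 2014     root@build:/usr/obj/usr/src/sys/GENERIC'
SAMPLE_FIXED='FreeBSD 11.0-CURRENT #4 r278907: Wed Feb 18 10:00:00 UTC 2015     root@build:/usr/obj/usr/src/sys/GENERIC'
SAMPLE_RELEASE='FreeBSD 10.1-RELEASE #0 r274401: Tue Nov 11 21:02:49 UTC 2014     root@build:/usr/obj/usr/src/sys/GENERIC'
SAMPLE_NOREV='FreeBSD 11.0-CURRENT #0: Mon Dec  1 10:00:00 UTC 2014     root@build:/usr/obj/usr/src/sys/GENERIC'

# Print the SVN revision that follows the build counter, or nothing if absent.
# A trailing "M" (locally modified tree) is ignored.
kernel_revision() {
    printf '%s\n' "$1" | sed -n 's/.*#[0-9][0-9]* r\([0-9][0-9]*\).*/\1/p'
}

# Print one of: not-current, unknown, predates, affected, fixed.
classify_kernel() {
    ver=$1
    case $ver in
        *-CURRENT*) ;;
        *) echo not-current; return 0 ;;   # the message concerns -CURRENT only
    esac
    rev=$(kernel_revision "$ver")
    if [ -z "$rev" ]; then
        echo unknown                       # no revision recorded: check by hand
    elif [ "$rev" -lt "$FIRST_BAD" ]; then
        echo predates
    elif [ "$rev" -lt "$FIRST_FIXED" ]; then
        echo affected                      # upgrade, then regenerate keys
    else
        # Keys and certificates created while an affected kernel was running
        # still need regenerating even though this kernel is fixed.
        echo fixed
    fi
}

# With an argument, classify that string; otherwise the running kernel.
classify_kernel "${1:-$(uname -v)}"
```

A result of `fixed` describes only the running kernel; it says nothing about when existing SSH host keys or certificates were generated.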

25 of 105 comments

  1. Cui bono? by Anonymous Coward · · Score: 2

    I discovered an issue where the new framework code was not calling randomdev_init_reader

    So who was responsible for introducing that change? Let's smoke out the mole.

    1. Re:Cui bono? by MrBingoBoingo · · Score: 3, Interesting

      This. So much this. When these regressions happen there are people behind them. The great value of a Linus or a Theo is shaming these people out the door. At least this was caught in -Current and not -Stable. This incident appears to be at least as much a social engineering attack as a code quality issue.

  2. Re:But FreeBSD is perfect! by Anonymous Coward · · Score: 3, Interesting

    I've heard the same things said. However, and I don't say this in jest, that while no security in any OS is perfect, OpenBSD comes the closest due to their audits. Hence, out of the BSDs I do use and endorse, it's OpenBSD.

    Some dislike Theo, but he's intensely good at running a tight ship, and since 1999 when I first started using OpenBSD for security-based boxes, I've never had an issue.

  3. Re:But FreeBSD is perfect! by Anonymous Coward · · Score: 4, Insightful

    since 1999 when I first started using OpenBSD for security-based boxes, I've never had an issue.

    That you know about.

  4. I guess this is a problem by Anonymous Coward · · Score: 2, Funny

    According to many people on this site almost every Linux user has now switched to FreeBSD because of Systemd.

  5. There are/may be worse problems with -current by mi · · Score: 4, Informative

    The -current is not a release — it is the trunk of the development tree. Using it for anything important — such as data, that may be worthwhile enough for your enemies to hack for — is silly. Far worse bugs may exist in -current — or be introduced at any point.

    Stick to releases — or one of the -stable branches — for anything, that's not about working on FreeBSD itself.

    --
    In Soviet Washington the swamp drains you.

  6. Non-news.... Bug is in CURRENT not STABLE by tomxor · · Score: 5, Insightful

    Bleeding edge software has bugs?? what

    1. Re:Non-news.... Bug is in CURRENT not STABLE by tomxor · · Score: 2

      Bleeding edge software has bugs?? what

      Many people run CURRENT, so if they put their pubkeys on servers they could possibly be guessable. Try reading the article next time.

      Yes they do, yes they could, no it's not news, it's on the current branch... In true BSD style I'm going to say RTFM: https://www.freebsd.org/doc/en... Current is not intended for production, end of.

    2. Re:Non-news.... Bug is in CURRENT not STABLE by ShanghaiBill · · Score: 2

      current is essentially beta, lots of people run beta

      Actually, current is alpha. Release candidates are beta. "Beta" means it is done, except for testing, and, while there may be bug fixes, there will be no new features. That is not what "current" is. It is under active development.

  7. RE:Random Number Generator Broken by Anonymous Coward · · Score: 2, Insightful

    All of these problems will be solved when systemd integrates Rand

  8. Re:Newbish question here.. by bsdasym · · Score: 3, Informative

    No, you should be on -STABLE or at least RELENG_? if you only want security fixes. -RELEASE is just that, the release version, no updates.

  9. Re:Newbish question here.. by DarkHelmet433 · · Score: 5, Informative

    The bug was in the unreleased FreeBSD-11 work-in-progress developer tree.

    If you are running an actual release, or one of the stable branches, you are not affected.

    The main cause for concern is if you are generating keys in some form on the developer tree.

  10. Re:But FreeBSD is perfect! by EmeraldBot · · Score: 2, Insightful

    FreeBSD is the new Linux. Full of religious fan boys who act like it was written by God. This old tired line of "Linux is immune to security issues" is now more commonly used with FreeBSD (by idiots).

    You know who started the original BSD? This guy did. He also created the original vi editor, was the creator of the modern day TCP/IP stack, and had a huge hand in the creation of Java. What, pray tell, have you done?

    --
    "Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."

  11. That explains hearthstone! by Anonymous Coward · · Score: 2, Funny

    Why do I get both my 7 mana-cost cards on my first two draws?

    Why does the best card in my hand always wind up being the card that gets discarded on random discards?

    Why is the board-clear that I need always at position 30 in the draw pile?

    It is because they built their server backend on FreeBSD!

    It is all so clear now.

  12. How bad was the bug? by Nonesuch · · Score: 5, Funny

    This seems like an odd bug to have happen, how bad were the effects? Just 'weaker' randomness, or without randomdev_init_reader do the random routines just return the same series of pseudorandom digits every time?

    Also, obligatory Dilbert reference

  13. Re:But FreeBSD is perfect! by Yomers · · Score: 2

    I just checked on openbsd.org, and I loved the FAQ section!
    4.13 - Common installation problems
    4.13.1 - My Compaq only recognizes 16M RAM
    4.13.2 - My i386 won't boot after install ...

  14. "Random" by sexconker · · Score: 2

    When blackboxed, even "return 5" is indistinguishable from a true random number generator.
    People want noisy numbers, not random numbers. Which is a good thing, because a true random number generator will never exist.

  15. But it doesn't have SystemD by Billly+Gates · · Score: 2, Funny

    So who cares??

  16. Alternate strategy... by damn_registrars · · Score: 2, Informative

    Just don't use keys for remote ssh logins. I know, keys are supposed to be all that any more. But based on my experience fending off billions of script kiddy attempts from my home system, it appears they aren't worth the effort and may even be counter productive.

    I say this because my home server faces the world and allows anyone who wants to, to make an attempt to login via ssh on port 22. You may say this is completely insane, but my logs suggest it isn't that bad. The overwhelming majority of all attempts on my system attempt to come straight in as root. As everyone knows, you can very easily disable root login in your sshd.conf file which leaves the person on the other end completely incapable of knowing whether or not they ever got your root password right as the response is the same.

    The end result is they make their 10,000+ attempts in a couple hours, then leave and never come back. They might take a few parting shots at other well known account names but they won't get in that way either.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.

    1. Re:Alternate strategy... by fisted · · Score: 4, Insightful

      my home server [runs public facing sshd] on port 22. You may say this is completely insane.

      Gasp. How extremely uncommon.

      Just don't use keys for remote ssh logins.

      What? Why?

      But based on my experience [...] it appears they [...] may even be counter productive.

      And that is why exactly? None of your post explains that or seems to have anything to do with key-based login at all.

      As everyone knows, you can very easily disable root login in your sshd.conf file which leaves the person on the other end completely incapable of knowing whether or not they ever got your root password right as the response is the same.

      As happens when key-based logins are used. Your point being?

    2. Re:Alternate strategy... by ColaMan · · Score: 4, Informative

      Sweet Jesus, at least install Fail2Ban and block an IP for 24 hours after 3 failed attempts.

      --
      You are in a twisty maze of processor lines, all alike.
      There is a lot of hype here.

  17. Re:Is FreeBSD dying? by FatdogHaiku · · Score: 3, Funny

    Netcraft Confirms FreeBSD is dying

    Facebook is too confusing!
    Don't you have a Twitter link to share?

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office

  18. Re:Newbish question here.. by fisted · · Score: 3, Informative

    No, and who mods this "Informative"?
    Both -CURRENT and -STABLE are development branches.

    -RELEASE is meant for production and of course gets supplied with security relevant fixes (then referred to as patchlevels).

    But yes, please go on educating people about things you don't know jack about.

  19. This is a DEVELOPER SNAPSHOT by gweihir · · Score: 2

    As apparently nobody bothered to find out, this is a bleeding-edge developer snapshot, not anything that was in any way "released", hence no normal users are affected.

    I do have two questions though:
    1. Why was that code touched in the first place?
    2. Who touched that code and broke it?

    It may be simple incompetence (it usually is), but it may also be a mole in the FreeBSD project. It should be ascertained that the person that did this did so in good faith. Still, some level of shaming is required even then to make people pay attention when they touch security-critical code and keep their fingers off it unless they have the required level of skill and understanding and there is actually a real need to touch that code.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.

  20. Shhhhhhhh by tomxor · · Score: 2

    This guy is the low hanging fruit that keeps all those automated attacks from China from developing something more sophisticated :P Not that I'm suggesting security through obscurity is the only way or anything... just an extra line of Darwinian defence.