Newsgroups: php.internals
From: smalyshev@gmail.com (Stanislav Malyshev)
To: Scott Arciszewski, PHP Internals
Date: Sun, 22 May 2016 01:04:57 -0400
Subject: Re: [PHP-DEV] PHP 7 CSPRNG - block on /dev/random?

Hi!

> Question: Is there a nonzero chance of a PHP application running at boot
> time on an older GNU/Linux machine? If so, should we adopt this "unseeded
> CSPRNG" mitigation employed by libsodium for ancient Linux kernels?
>
> https://github.com/jedisct1/libsodium/issues/374
> https://github.com/jedisct1/libsodium/commit/c752eb55d9e9992bc38e7790128953427aa0a89f
>
> This could be done as a security patch for PHP 7.0.x if there's any concern
> about startup entropy e.g. on embedded devices.

If they're running a Linux kernel that deserves to be called "ancient",
wouldn't they also run old PHP? In any case, from the problem description,
it looks like the problem happens "on early boot". I don't see how you can
get to run PHP code before you get way, way beyond early boot.

> I'm not aware of any such projects being written in PHP, so my intuition is
> this is a non-issue for us.

I agree, this appears to be a non-issue for PHP.

--
Stas Malyshev
smalyshev@gmail.com
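
The pattern the thread is asking about, waiting until /dev/random is readable before reading /dev/urandom, shown as an added C example. It is not code from this message, libsodium or php-src; the function names and the timeout parameter are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <unistd.h>

/* Block until /dev/random is readable, i.e. the kernel pool has been seeded.
 * timeout_ms < 0 waits forever. Returns 0 when seeded, -1 on error or timeout. */
int wait_for_seeded_pool(int timeout_ms)
{
    struct pollfd pfd = { .fd = open("/dev/random", O_RDONLY), .events = POLLIN };
    int ret;
    if (pfd.fd == -1)
        return -1;
    do {
        ret = poll(&pfd, 1, timeout_ms);
    } while (ret == -1 && errno == EINTR);
    close(pfd.fd);
    return (ret == 1 && (pfd.revents & POLLIN)) ? 0 : -1;
}

/* Fill buf from /dev/urandom, but only once the pool is known to be seeded. */
int seeded_random_bytes(unsigned char *buf, size_t len, int timeout_ms)
{
    size_t off = 0;
    int fd;
    if (wait_for_seeded_pool(timeout_ms) != 0)
        return -1;                      /* fail closed: no unseeded output */
    if ((fd = open("/dev/urandom", O_RDONLY)) == -1)
        return -1;
    while (off < len) {
        ssize_t n = read(fd, buf + off, len - off);
        if (n > 0)
            off += (size_t)n;
        else if (n == 0 || errno != EINTR)
            break;                      /* EOF or hard error */
    }
    close(fd);
    return off == len ? 0 : -1;         /* never report a partial fill as success */
}

int main(void)
{
    unsigned char key[16];
    if (seeded_random_bytes(key, sizeof key, 5000) != 0)
        return 1;                       /* pool not seeded in time, or read failed */
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

On a system that is well past boot the wait returns immediately, so the cost of the check is one extra open/poll/close per call unless the result is cached.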