54167 2011-02-09 22:12:28 -0800 REGRESSION(r78149): Return value of read() shouldn't be ignored. 2011-02-11 10:41:42 -0800 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) PC Linux RESOLVED FIXED P1 Blocker --- 0 jarred webkit-unassigned abarth ap commit-queue darin pvarga oldest_to_newest 348813 0 jarred 2011-02-09 22:12:28 -0800 Build break for gcc 4.4.5. 348814 1 81924 jarred 2011-02-09 22:15:46 -0800 Created attachment 81924 Proposed patch use return value of read in both debug and release modes. 348861 2 81924 ap 2011-02-10 00:45:52 -0800 Comment on attachment 81924 Proposed patch Why not just use the CRASH() version in both debug and release? A quick web search suggests that reads from /dev/urandom never fails in practice, just possibly degrading quality (not sure if there's a proper spec for this). I'm wondering if one Web page will be able to predict random numbers generated in other pages by exhausting OS randomness first. 348864 3 jarred 2011-02-10 00:48:58 -0800 (In reply to comment #2) > (From update of attachment 81924 [details]) > Why not just use the CRASH() version in both debug and release? > Yeah I suppose I could. I don't ever predict /dev/urandom to fail to provide the exact number of requested bytes. I'll revise. > A quick web search suggests that reads from /dev/urandom never fails in practice, just possibly degrading quality (not sure if there's a proper spec for this). I'm wondering if one Web page will be able to predict random numbers generated in other pages by exhausting OS randomness first. Good thought. May want to hit up the Chromium team who added this :) 348866 4 81934 jarred 2011-02-10 00:50:53 -0800 Created attachment 81934 Proposed patch 348953 5 81934 commit-queue 2011-02-10 04:46:38 -0800 Comment on attachment 81934 Proposed patch Clearing flags on attachment: 81934 Committed r78203: <http://trac.webkit.org/changeset/78203> 348954 6 commit-queue 2011-02-10 04:46:47 -0800 All reviewed patches have been landed. Closing bug. 348966 7 ossy 2011-02-10 05:05:42 -0800 *** Bug 54190 has been marked as a duplicate of this bug. *** 349181 8 ap 2011-02-10 10:48:42 -0800 Adam, I'm still curious about your thoughts on the issue of Web content abusing randomness source, and thus affecting other pages (and even other processes?!). Is there a rate limit or some other protection against that? 349312 9 abarth 2011-02-10 13:09:09 -0800 (In reply to comment #8) > Adam, I'm still curious about your thoughts on the issue of Web content abusing randomness source, and thus affecting other pages (and even other processes?!). Is there a rate limit or some other protection against that? Access to OS randomness is mediated by a cryptographic PRNG in WTF. There shouldn't be a problem with sharing the crypto PRNG with other web pages. If there was, that would be an attack on RC4, and we'd have bigger problems! Now, there's the question of whether it's dangerous to let web pages pull from OS randomness, even mediated by a PRNG. I don't think that's overly dangerous. In many common scenarios, web pages can already pull from OS randomness. For example, the <keygen> element lets you generate certificates, which requires a bunch of OS randomness. As another example, WTF::randomNumber backends to arc4random on Mac, which backends to /dev/urandom. To the extent that web pages can cause WebKit to call WTF::randomNumber, they can already convince us to extract randomness from the OS. 349835 10 ap 2011-02-11 10:41:42 -0800 > Now, there's the question of whether it's dangerous to let web pages pull from OS randomness, even mediated by a PRNG. Yes, that's my concern. Perhaps this hasn't been exploited yet, but it seems likely to be exploitable. 81924 2011-02-09 22:15:46 -0800 2011-02-10 00:50:53 -0800 Proposed patch read-return.patch text/plain 1368 jarred ZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IGRhMDE5NTUuLmIzODUzMzIgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRD b3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDExLTAyLTA5ICBKYXJyZWQgTmljaG9s bHMgIDxqYXJyZWRAc2VuY2hhLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBSRUdSRVNTSU9OKHI3ODE0OSk6IFJldHVybiB2YWx1ZSBvZiByZWFk KCkgc2hvdWxkbid0IGJlIGlnbm9yZWQuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD01NDE2NworICAgICAgICAKKyAgICAgICAgc3RkaW8gcmVhZCBzaG91 bGQgaGF2ZSBpdHMgcmV0dXJuIHZhbHVlIGhhbmRsZWQuIEJ1aWxkIGVycm9yIGluIGdjYyA0LjQu NS4KKworICAgICAgICAqIHd0Zi9PU1JhbmRvbVNvdXJjZS5jcHA6CisgICAgICAgIChXVEY6OnJh bmRvbVZhbHVlc0Zyb21PUyk6CisKIDIwMTEtMDItMDkgIEdhdmluIEJhcnJhY2xvdWdoICA8YmFy cmFjbG91Z2hAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IFNhbSBXZWluaWcuCmRp ZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvd3RmL09TUmFuZG9tU291cmNlLmNwcCBi L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvT1NSYW5kb21Tb3VyY2UuY3BwCmluZGV4IDQzYWRh NDYuLjA3ODJlMjQgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvT1NSYW5k b21Tb3VyY2UuY3BwCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvT1NSYW5kb21Tb3Vy Y2UuY3BwCkBAIC01MCw3ICs1MCwxNCBAQCB2b2lkIHJhbmRvbVZhbHVlc0Zyb21PUyh1bnNpZ25l ZCBjaGFyKiBidWZmZXIsIHNpemVfdCBsZW5ndGgpCiAgICAgaWYgKGZkIDwgMCkKICAgICAgICAg Q1JBU0goKTsgLy8gV2UgbmVlZCAvZGV2L3VyYW5kb20gZm9yIHRoaXMgQVBJIHRvIHdvcmsuLi4K IAotICAgIHJlYWQoZmQsIGJ1ZmZlciwgbGVuZ3RoKTsKKyAgICBzc2l6ZV90IGJ5dGVzUmVhZCA9 IHJlYWQoZmQsIGJ1ZmZlciwgbGVuZ3RoKTsKKyNpZiBBU1NFUlRfRElTQUJMRUQKKyAgICBpZiAo Ynl0ZXNSZWFkICE9IGxlbmd0aCkKKyAgICAgICAgQ1JBU0goKTsKKyNlbHNlCisgICAgQVNTRVJU KGJ5dGVzUmVhZCA9PSBsZW5ndGgpOworI2VuZGlmCisKICAgICBjbG9zZShmZCk7CiAjZWxpZiBD T01QSUxFUihNU1ZDKQogICAgIGZvciAoc2l6ZV90IGkgPSAwOyBpIDwgbGVuZ3RoOyBpKyspIHsK 81934 2011-02-10 00:50:53 -0800 2011-02-10 04:46:38 -0800 Proposed patch read-return.patch text/plain 1261 jarred ZGlmZiAtLWdpdCBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cgYi9Tb3VyY2UvSmF2 YVNjcmlwdENvcmUvQ2hhbmdlTG9nCmluZGV4IGRhMDE5NTUuLmIzODUzMzIgMTAwNjQ0Ci0tLSBh L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL0phdmFTY3JpcHRD b3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1IEBACisyMDExLTAyLTA5ICBKYXJyZWQgTmljaG9s bHMgIDxqYXJyZWRAc2VuY2hhLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBSRUdSRVNTSU9OKHI3ODE0OSk6IFJldHVybiB2YWx1ZSBvZiByZWFk KCkgc2hvdWxkbid0IGJlIGlnbm9yZWQuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3Jn L3Nob3dfYnVnLmNnaT9pZD01NDE2NworICAgICAgICAKKyAgICAgICAgc3RkaW8gcmVhZCBzaG91 bGQgaGF2ZSBpdHMgcmV0dXJuIHZhbHVlIGhhbmRsZWQuIEJ1aWxkIGVycm9yIGluIGdjYyA0LjQu NS4KKworICAgICAgICAqIHd0Zi9PU1JhbmRvbVNvdXJjZS5jcHA6CisgICAgICAgIChXVEY6OnJh bmRvbVZhbHVlc0Zyb21PUyk6CisKIDIwMTEtMDItMDkgIEdhdmluIEJhcnJhY2xvdWdoICA8YmFy cmFjbG91Z2hAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IFNhbSBXZWluaWcuCmRp ZmYgLS1naXQgYS9Tb3VyY2UvSmF2YVNjcmlwdENvcmUvd3RmL09TUmFuZG9tU291cmNlLmNwcCBi L1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvT1NSYW5kb21Tb3VyY2UuY3BwCmluZGV4IDQzYWRh NDYuLjFlZWYyOTkgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvT1NSYW5k b21Tb3VyY2UuY3BwCisrKyBiL1NvdXJjZS9KYXZhU2NyaXB0Q29yZS93dGYvT1NSYW5kb21Tb3Vy Y2UuY3BwCkBAIC01MCw3ICs1MCw5IEBAIHZvaWQgcmFuZG9tVmFsdWVzRnJvbU9TKHVuc2lnbmVk IGNoYXIqIGJ1ZmZlciwgc2l6ZV90IGxlbmd0aCkKICAgICBpZiAoZmQgPCAwKQogICAgICAgICBD UkFTSCgpOyAvLyBXZSBuZWVkIC9kZXYvdXJhbmRvbSBmb3IgdGhpcyBBUEkgdG8gd29yay4uLgog Ci0gICAgcmVhZChmZCwgYnVmZmVyLCBsZW5ndGgpOworICAgIGlmIChyZWFkKGZkLCBidWZmZXIs IGxlbmd0aCkgIT0gbGVuZ3RoKQorICAgICAgICBDUkFTSCgpOworCiAgICAgY2xvc2UoZmQpOwog I2VsaWYgQ09NUElMRVIoTVNWQykKICAgICBmb3IgKHNpemVfdCBpID0gMDsgaSA8IGxlbmd0aDsg aSsrKSB7Cg==