[SERVER-25659] InputStreamSecureRandom should open the urandom device file descriptor once at the start Created: 17/Aug/16  Updated: 06/Dec/22  Resolved: 02/Nov/20

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Ricardo Lorenzo Assignee: Backlog - Security Team
Resolution: Duplicate Votes: 4
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-26995 mongos crashed with cannot open /dev/... Closed
is duplicated by SERVER-43641 platform/random.h causing bugs, upgra... Closed
is duplicated by SERVER-51803 Please backport SERVER-43641 Closed
Related
is related to SERVER-28001 Mongodb Crashed with the Got signal: ... Closed
Assigned Teams:
Server Security
Participants:
Case:

 Description   

The current approach is to use and toss out the secure random source after
essentially one use. That means three syscalls are required for every generated number, including an expensive file open.

Opening urandom once at startup, will help to find out early if there
is a problem with the device permissions or descriptor limits, and could quit early with a better diagnostic message.



 Comments   
Comment by Spencer Jackson [ 02/Nov/20 ]

I'm marking this ticket as a duplicate of the now resolved SERVER-43641. SERVER-43641 allowed all consumers of the secure random number generator to share a single FD for /dev/urandom, eliminating the redundant fopens described in this ticket.

Comment by Andrew Morrow (Inactive) [ 01/Mar/17 ]

Hi birdylee_cn - Can you please let us know in what way we can help? Do you believe you are being adversely affected by the issue in this ticket? Can you provide some more details?

Comment by birdylee_cn [ 12/Nov/16 ]

Hello, can some one help me?

Generated at Thu Feb 08 04:09:49 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.