[SERVER-36157] PRNG not cryptographically strong on GCC before 5.5
Created: 16/Jul/18   Updated: 06/Dec/22   Resolved: 23/Jul/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None
Type: Bug
Priority: Major - P3
Reporter: Davi Ottenheimer
Assignee: DO NOT USE - Backlog - Dev Tools
Resolution: Won't Fix
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Assigned Teams: Developer Tools
Operating System: ALL
Participants:

Description
Upgrading GCC to version 5.5 fixes a security flaw with PRNG. CVSS 2.1: https://www.cvedetails.com/cve/CVE-2017-11671/

"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation."
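An added illustration, not code from this ticket or from MongoDB, of the two things the ticket contrasts: the status check a caller of the RDRAND intrinsic must perform (the intrinsic returns 1 when the instruction set the carry flag, 0 when the hardware had no value ready; CVE-2017-11671 is about affected GCC releases emitting code that clobbered that flag between the instruction and the check, so on those compilers the check itself cannot be trusted), and the OS-provided source that the comments below say MongoDB relies on instead. The function names, the retry bound of 10 and the use of /dev/urandom are this example's own choices. The RDRAND path is only compiled when the toolchain targets x86-64 with -mrdrnd; otherwise hw_random_u64 reports failure and the caller falls through to the OS.

```c
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* __RDRND__ is defined by GCC/clang only when RDRAND code generation is
 * enabled (-mrdrnd or an -march that includes it). _rdrand64_step exists
 * only on 64-bit targets. */
#if defined(__RDRND__) && defined(__x86_64__)
#include <immintrin.h>
#define HAVE_RDRAND 1
#else
#define HAVE_RDRAND 0
#endif

/* OS-provided randomness, the route the ticket comments describe.
 * Fills buf[0..len) from /dev/urandom (path assumed for this example).
 * Returns 0 on success, -1 on any failure. Short reads and EINTR are
 * handled so that a partially filled buffer is never reported as success. */
int os_random_bytes(unsigned char *buf, size_t len) {
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted: retry the read */
            close(fd);
            return -1;
        }
        if (n == 0) { close(fd); return -1; } /* unexpected EOF on the device */
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Hardware randomness via the RDRAND intrinsic. The return value of
 * _rdrand64_step is the carry flag set by the instruction: 1 means *v holds
 * a fresh value, 0 means the DRNG was not ready and *v must be discarded.
 * Ignoring that status (or having the compiler clobber it, as in the CVE
 * the ticket cites) would let a stale or zero register value be consumed as
 * random. Correct use retries a bounded number of times and treats
 * exhaustion as failure. Returns 0 on success, -1 on failure or when the
 * toolchain was not built with RDRAND support. */
int hw_random_u64(uint64_t *out) {
#if HAVE_RDRAND
    for (int i = 0; i < 10; i++) {      /* retry bound chosen for the example */
        unsigned long long v;
        if (_rdrand64_step(&v)) {        /* status == 1: value is valid */
            *out = v;
            return 0;
        }
    }
#else
    (void)out;
#endif
    return -1;
}

/* Prefer the hardware source when it reports success, otherwise fall back to
 * the OS source. Returns 0 on success, -1 if neither source produced data. */
int random_u64(uint64_t *out) {
    if (hw_random_u64(out) == 0) return 0;
    unsigned char b[sizeof(uint64_t)];
    if (os_random_bytes(b, sizeof b) != 0) return -1;
    memcpy(out, b, sizeof b);
    return 0;
}

/* Minimal sanity check on the OS path: two independent 256-bit draws must
 * both succeed, neither may be all zero, and they must differ. Returns 1 if
 * every condition holds, 0 otherwise. */
int self_check(void) {
    unsigned char a[32], b[32], zero[32] = {0};
    if (os_random_bytes(a, sizeof a) != 0) return 0;
    if (os_random_bytes(b, sizeof b) != 0) return 0;
    if (memcmp(a, zero, sizeof a) == 0 || memcmp(b, zero, sizeof b) == 0) return 0;
    if (memcmp(a, b, sizeof a) == 0) return 0;
    return 1;
}

int main(void) {
    uint64_t v;
    unsigned char buf[16];
    if (random_u64(&v) != 0 || os_random_bytes(buf, sizeof buf) != 0) {
        fprintf(stderr, "no usable randomness source\n");
        return 1;
    }
    printf("rdrand compiled in: %d\n", HAVE_RDRAND);
    printf("u64: %016llx\nbytes:", (unsigned long long)v);
    for (size_t i = 0; i < sizeof buf; i++) printf(" %02x", buf[i]);
    printf("\n");
    return 0;
}
```

Build with `cc -O2 example.c` to get the OS-only path, or `cc -O2 -mrdrnd example.c` on x86-64 to compile the RDRAND path as well. Note that the example never lets a non-success status fall through to use *out, which is the property the affected GCC versions could silently break even in code written this way.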
Comments

Comment by Gregory McKeon (Inactive) [ 23/Jul/18 ]

We currently don't try to generate our own strong random numbers, so we will continue to rely on the OS for this and may consider bumping the toolchain to 5.5, as discussed by acm above.

Comment by Andy Schwerin [ 18/Jul/18 ]

MongoDB doesn't generate its own secure pseudo-random numbers. It depends on OS-provided facilities such as /dev/urandom. I don't know if any of the vendored third-party libraries do, but I'd be a little surprised if they did.