[Security-sig] PEP 522: Allow BlockingIOError in security sensitive APIs on Linux

Victor Stinner victor.stinner at gmail.com
Fri Jun 24 19:21:36 EDT 2016


2016-06-24 22:05 GMT+02:00 Nick Coghlan <ncoghlan at gmail.com>:
> As such, the idioms I currently have in PEP 522 are wrong - the "wait
> for the system RNG or not" decision wouldn't be one to be made on a
> per-call basis, but rather on a per-__main__ execution basis, with
> developers choosing which user experience they want to support on
> systems with a non-blocking /dev/urandom:
>
> * this application will fail if you run it before the system RNG is
> ready (so you may need to add "ExecStartPre=python3 -c 'import
> secrets; secrets.wait_for_system_rng()'" in your systemd unit file)

In short, if an application is not run using systemd but directly on
the command line, it *can* fail with a fatal BlockingIOError?

Wait, I don't think that it is an acceptable behaviour from the user
point of view.

Compared to Python 2.7, Python 3.4 and Python 3.5.2, where os.urandom()
never blocks nor raises an exception on Linux, such a behaviour change
can be seen as a major regression.


> * this application implicitly calls "secrets.wait_for_system_rng()"
> and hence may block waiting for the system RNG if you run it before
> the system RNG is ready

It's hard to guess whether os.urandom() is used in a third-party library.
Maybe it's not. What if a new library version starts to use
os.urandom()? Should you start to call secrets.wait_for_system_rng()?

To be safe, I expect that *all* applications should start with
secrets.wait_for_system_rng()... It doesn't make sense to have to put
such code in *all* applications.

The main advantage of PEP 522 is to control how the "system
urandom not initialized yet" case is handled. But you are more and
more saying that secrets.wait_for_system_rng() should be used to avoid
getting BlockingIOError in most cases. Am I wrong?

I expect that some libraries will start to use
secrets.wait_for_system_rng() in their own code.

... In the end, it looks like you basically reimplemented a blocking
os.urandom(), no?

--

Why do we have to bother *all* users with
secrets.wait_for_system_rng(), while only a very few will really care
about the exceptional case?

Why not add something for users who want to handle the exceptional
case, but make os.urandom() blocking?

Sorry, I'm repeating myself, but as I wrote, I don't know yet what is
the best option, so I'm "testing" each option.

Victor
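
Editor's added example (not code from this thread, from PEP 522 or from CPython): a small
model of the two start-up policies Nick describes and of Victor's objection that a
dependency can start calling os.urandom() without the application author knowing. The
"system RNG" is a constructed stand-in that is unready for its first few reads; the
hypothetical names wait_for_system_rng(), token_bytes(), library_session_id() and
run_app() are assumptions for illustration, not a shipped API (Python 3.6 ultimately
adopted PEP 524, a blocking os.urandom(), instead of PEP 522). The only real probe is
system_rng_ready(), which uses os.getrandom() with GRND_NONBLOCK on Linux, the same
kernel condition PEP 522 proposed surfacing as BlockingIOError.

```python
"""Model of 'fail fast' versus 'wait for the system RNG' at application start."""
import os
import time


class NotReady(BlockingIOError):
    """Raised by the stand-in system RNG while its pool is not initialized."""


class FakeSystemRNG:
    """Constructed stand-in for a non-blocking /dev/urandom.

    The first `ready_after` reads fail with BlockingIOError, as a freshly
    booted kernel would behave under PEP 522; later reads return real
    os.urandom() bytes. Being read-counted makes both paths deterministic.
    """

    def __init__(self, ready_after):
        self.ready_after = ready_after
        self.reads = 0

    def read(self, n):
        self.reads += 1
        if self.reads <= self.ready_after:
            raise NotReady("system RNG not initialized yet")
        return os.urandom(n)


def system_rng_ready():
    """Non-blocking probe of the real kernel CSPRNG (Linux, Python 3.6+).

    os.getrandom(GRND_NONBLOCK) raises BlockingIOError while the pool is
    uninitialized. Returns None where os.getrandom is unavailable.
    """
    if not hasattr(os, "getrandom"):
        return None
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
    except BlockingIOError:
        return False
    return True


def wait_for_system_rng(rng, timeout, poll=0.01):
    """Hypothetical equivalent of the PEP 522 secrets.wait_for_system_rng().

    Polls the source until a read succeeds; True when ready, False on timeout.
    """
    deadline = time.monotonic() + timeout
    while True:
        try:
            rng.read(1)
            return True
        except BlockingIOError:
            if time.monotonic() >= deadline:
                return False
            time.sleep(poll)


def token_bytes(rng, n):
    """PEP 522 style: propagate BlockingIOError instead of blocking."""
    return rng.read(n)


def library_session_id(rng):
    """A third-party dependency that quietly uses the system RNG.

    The application author never sees this call, which is Victor's point:
    they cannot know they needed to wait for the RNG first.
    """
    return token_bytes(rng, 16).hex()


def run_app(rng, policy):
    """Return ("ok", session_id) or ("fatal", message) under the chosen policy.

    policy="fail": the first start-up experience (may die before the RNG is ready).
    policy="wait": the second one, an explicit ExecStartPre-like wait at __main__,
    which is effectively a blocking os.urandom() reimplemented in the application.
    """
    try:
        if policy == "wait" and not wait_for_system_rng(rng, timeout=5.0):
            return "fatal", "timed out waiting for the system RNG"
        return "ok", library_session_id(rng)
    except BlockingIOError as exc:
        return "fatal", str(exc)


if __name__ == "__main__":
    print("kernel RNG ready:", system_rng_ready())
    print("fail policy, cold boot:", run_app(FakeSystemRNG(ready_after=3), "fail"))
    print("wait policy, cold boot:", run_app(FakeSystemRNG(ready_after=3), "wait"))
```

On an already-booted machine system_rng_ready() is True, which is why the failure
mode is so rarely seen in development and only shows up for early-boot services.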

