xorl %eax, %eax

GRKERNSEC_RANDNET Larger Entropy Pools

Continuing our journey through grsecurity, we come to this patch. It is a really straightforward patch that simply doubles the size of Linux’s entropy pools. Its description is the following:

config GRKERNSEC_RANDNET
	bool "Larger entropy pools"
	help
	  If you say Y here, the entropy pools used for many features of Linux
	  and grsecurity will be doubled in size.  Since several grsecurity
	  features use additional randomness, it is recommended that you say Y
	  here.  Saying Y here has a similar effect as modifying
	  /proc/sys/kernel/random/poolsize.

This is done by changing the pool sizes in drivers/char/random.c, as shown below.

/*
 * Configuration information
 */
#ifdef CONFIG_GRKERNSEC_RANDNET
#define INPUT_POOL_WORDS 512
#define OUTPUT_POOL_WORDS 128
#else
#define INPUT_POOL_WORDS 128
#define OUTPUT_POOL_WORDS 32
#endif

As you can see, when the ‘GRKERNSEC_RANDNET’ option is enabled they’ll be double in size compared to the original ones. A similar change is made in the entropy pool information table:

static struct poolinfo {
	int poolwords;
	int tap1, tap2, tap3, tap4, tap5;
} poolinfo_table[] = {
#ifdef CONFIG_GRKERNSEC_RANDNET
	/* x^512 + x^411 + x^308 + x^208 + x^104 + x + 1 -- 225 */
	{ 512,	411,	308,	208,	104,	1 },
	/* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
	{ 128,	103,	76,	51,	25,	1 },
#else
	/* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
	{ 128,	103,	76,	51,	25,	1 },
	/* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
	{ 32,	26,	20,	14,	7,	1 },
#endif
	...
};

Of course, as the description says, this is similar to modifying the ‘/proc/sys/kernel/random/poolsize’ value of PROCFS which is provided by the Linux kernel.
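How the pool-mixing code consumes these poolinfo entries, as an added user-space model that is not code from this post, from grsecurity or from the kernel tree. The loop and twist constants follow the twisted-LFSR mixing of the 2.6-era random.c as an assumption; `struct pool`, `mix_bytes_model`, `pool_bits` and the sample bytes are hypothetical names and constructed input.

```c
#include <stdint.h>
#include <stdio.h>

/* Same layout and values as the poolinfo_table entries quoted above. */
struct poolinfo { int poolwords; int tap1, tap2, tap3, tap4, tap5; };
static const struct poolinfo randnet_input = { 512, 411, 308, 208, 104, 1 };
static const struct poolinfo stock_input   = { 128, 103,  76,  51,  25, 1 };

/* Assumption: twist constants as in the 2.6-era drivers/char/random.c. */
static const uint32_t twist_table[8] = {
	0x00000000, 0x3b6e20c8, 0x76dc4190, 0x4db26158,
	0xedb88320, 0xd6d6a3e8, 0x9b64c2b0, 0xa00ae278 };

/* Hypothetical model state: zeroed pool words, write index, input rotation. */
struct pool { const struct poolinfo *info; uint32_t w[512]; unsigned pos, rot; };

static uint32_t rol32(uint32_t v, unsigned s)
{
	return (s &= 31) ? (v << s) | (v >> (32 - s)) : v;
}

/* Mix input one byte at a time; the index mask and taps come from poolinfo. */
static void mix_bytes_model(struct pool *p, const uint8_t *in, size_t n)
{
	const struct poolinfo *pi = p->info;
	unsigned mask = pi->poolwords - 1;   /* poolwords must be a power of two */
	while (n--) {
		uint32_t w = rol32(*in++, p->rot);
		unsigned i = p->pos = (p->pos - 1) & mask;
		w ^= p->w[i];                        /* word being replaced */
		w ^= p->w[(i + pi->tap1) & mask];    /* five feedback taps */
		w ^= p->w[(i + pi->tap2) & mask];
		w ^= p->w[(i + pi->tap3) & mask];
		w ^= p->w[(i + pi->tap4) & mask];
		w ^= p->w[(i + pi->tap5) & mask];
		p->w[i] = (w >> 3) ^ twist_table[w & 7];
		p->rot += i ? 7 : 14;
	}
}

/* Pool size in bits for a poolinfo entry (32-bit words). */
static int pool_bits(const struct poolinfo *pi) { return pi->poolwords * 32; }

int main(void)
{
	struct pool p = { &randnet_input };
	const uint8_t sample[2] = { 1, 1 };  /* constructed input */
	mix_bytes_model(&p, sample, 2);
	printf("stock %d bits, RANDNET %d bits, w[511]=%08x w[510]=%08x\n",
	       pool_bits(&stock_input), pool_bits(p.info), p.w[511], p.w[510]);
	return 0;
}
```

`pool_bits()` is expressed in bits, the unit in which 2.6 kernels report ‘/proc/sys/kernel/random/poolsize’.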

Written by xorl

November 9, 2010 at 11:19

Posted in grsecurity, linux, security
