Message267729
> So you are intentionally accepting a new vector for DoS attacks, and calling
> this non-reduced security?
This is only a DoS vector if you can hit the server so early in the boot process that it doesn't have enough entropy. The *second* enough entropy has been gathered, getrandom() will never block again.
In essence, then, the situation where it becomes possible to DoS a server is entirely outside an attacker's control and extremely unlikely to ever actually occur in real life: you can only DoS the server if you can demand entropy before the system has gathered enough, and if the server has managed to *boot* by then, then the alternative is that it is incapable of generating secure random numbers and shouldn't be running exposed against the web anyway.

Date | User | Action | Args
2016-06-07 19:03:48 | Lukasa | set | recipients: + Lukasa, lemburg, rhettinger, doko, vstinner, larry, christian.heimes, matejcik, ned.deily, alex, skrah, python-dev, martin.panter, ztane, dstufft, thomas-petazzoni, Colm Buckley
2016-06-07 19:03:48 | Lukasa | set | messageid: <1465326228.41.0.227190625531.issue26839@psf.upfronthosting.co.za>
2016-06-07 19:03:48 | Lukasa | link | issue26839 messages
2016-06-07 19:03:48 | Lukasa | create |
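
The boot-time window discussed in the message above can be checked for explicitly before a service starts accepting requests. This is an added example, not part of the original message or of CPython's own code; the names `csprng_ready` and `wait_for_csprng` are hypothetical, and it assumes Python 3.6+ on Linux for `os.getrandom`.

```python
import errno
import os
import time


def csprng_ready():
    """True if getrandom() would not block, False if the kernel pool is
    not yet initialized, None if the platform cannot answer."""
    if not hasattr(os, "getrandom"):
        return None  # not Linux, or Python older than 3.6
    try:
        os.getrandom(1, os.GRND_NONBLOCK)
        return True
    except BlockingIOError:
        # EAGAIN: the pool has not been initialized yet (early boot).
        return False
    except OSError as exc:
        if exc.errno == errno.ENOSYS:
            return None  # kernel predates the getrandom() syscall
        raise


def wait_for_csprng(timeout=30.0, poll=0.1, probe=csprng_ready,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll until the pool is initialized, instead of blocking without
    bound or serving requests with weak randomness. Returns the final
    probe result (True or None); raises TimeoutError on expiry."""
    deadline = clock() + timeout
    while True:
        state = probe()
        if state is not False:
            return state
        if clock() >= deadline:
            raise TimeoutError("kernel CSPRNG not initialized in time")
        sleep(poll)


if __name__ == "__main__":
    # Gate startup: only bind the listening socket after this returns.
    print("CSPRNG state:", wait_for_csprng(timeout=5.0))
```

Once the probe has returned True, later calls will not block, so the gate only needs to run once at startup.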