Re: [Sks-devel] why does SKS have /dev/random open for writing?
From: Daniel Kahn Gillmor
Date: Sat, 21 Sep 2013 13:54:59 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130821 Icedove/17.0.8

On 09/20/2013 02:01 AM, Phil Pennock wrote:
> On 2013-09-19 at 13:31 -0400, Daniel Kahn Gillmor wrote:
>> hi SKS folks--
>>
>> I was just looking at the behavior of sks 1.1.4, and i noticed that it
>> seems to have /dev/random open for writing:
>>
>> 0 zimmermann:~# lsof /dev/random
>> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
>> sks 742 debian-sks 3w CHR 1,8 0t0 1244 /dev/random
>> sks 756 debian-sks 3w CHR 1,8 0t0 1244 /dev/random
>> 0 zimmermann:~#
>
> Something hinky here, as for me fd 3 is always the fd opened on the
> pid-file, which I would expect to be opened for writing-only. That's
> managed by the daemon wrapper with which I start sks, so that sks
> inherits it as an open fd. I wonder if there's something glitchy in
> your start-up/daemon-supervision configuration? /dev/random being
> specified as the pidfile ...

Thanks to everyone for testing and reporting back. I've tested further
now, and it appears that the behavior i noticed (/dev/random is open for
writing only) only happens when sks is launched under the supervision of
systemd :/

launching it under strace (both under systemd and from a shell) confirms
John's observation of it being only opened RDONLY.

Frustratingly, if i launch sks under systemd with:

    ExecStart=/usr/bin/strace -f -o /tmp/sks.strace /usr/sbin/sks -stdoutlog db

then the file descriptor for /dev/random is indeed 3r.

But if i use:

    ExecStart=/usr/sbin/sks -stdoutlog db

then the file descriptor for /dev/random is 3w.

I suppose further investigation would involve a minimal program
exercising ocaml's cryptokit library, launching from systemd. I don't
have time to pursue that at the moment, but i'd be happy to read any
followup if other folks have the opportunity to test it.

--dkg
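
Added example, not part of the original message and not SKS or systemd code: a Linux-only check that reads the open mode of a descriptor straight from `/proc/<pid>/fdinfo/<fd>` and reports it in lsof's `3r`/`3w`/`3u` notation, so the lsof reading can be cross-checked without attaching strace. The function names and the two sample `fdinfo` strings are constructed for illustration.

```python
import os
import sys

# lsof-style suffixes for the access-mode bits of the open flags
ACC_NAMES = {os.O_RDONLY: "r", os.O_WRONLY: "w", os.O_RDWR: "u"}

# Constructed fdinfo contents (flags are octal, as the kernel prints them)
SAMPLE_RDONLY = "pos:\t0\nflags:\t0100000\nmnt_id:\t23\n"
SAMPLE_WRONLY = "pos:\t0\nflags:\t0100001\nmnt_id:\t23\n"


def access_mode(fdinfo_text):
    """Return 'r', 'w' or 'u' from the text of /proc/<pid>/fdinfo/<fd>."""
    for line in fdinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            flags = int(value.strip(), 8)  # octal open(2) flags
            return ACC_NAMES.get(flags & os.O_ACCMODE, "?")
    raise ValueError("no 'flags' line in fdinfo text")


def fds_on(pid, target="/dev/random"):
    """List (fd, mode) for every descriptor of pid that points at target."""
    base = f"/proc/{pid}"
    found = []
    for fd in sorted(os.listdir(f"{base}/fd"), key=int):
        try:
            if os.readlink(f"{base}/fd/{fd}") != target:
                continue
            with open(f"{base}/fdinfo/{fd}") as handle:
                found.append((int(fd), access_mode(handle.read())))
        except OSError:
            continue  # descriptor was closed while we were looking
    return found


if __name__ == "__main__":
    # Usage: script.py <pid>   (needs permission to read that pid's /proc entries)
    pid = sys.argv[1] if len(sys.argv) > 1 else "self"
    for fd, mode in fds_on(pid):
        print(f"{fd}{mode} /dev/random")
```

Running it against the sks pid in both launch configurations (with and without the strace wrapper) shows what the kernel itself records for fd 3.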