getrandom() syscall returning EPERM make the system unusable. #72142

Closed
iwings mannequin opened this issue Sep 5, 2016 · 7 comments
Labels
3.7 (EOL) end of life type-bug An unexpected behavior, bug, or error

Comments

@iwings
Mannequin

iwings mannequin commented Sep 5, 2016

BPO 27955
Nosy @ncoghlan, @vstinner, @tiran
PRs
  • [Do Not Merge] Convert Misc/NEWS so that it is managed by towncrier #552
Files
  • random.diff

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = None
    closed_at = <Date 2016-09-20.20:56:29.585>
    created_at = <Date 2016-09-05.13:25:37.693>
    labels = ['type-bug', '3.7']
    title = 'getrandom() syscall returning EPERM make the system unusable.'
    updated_at = <Date 2017-03-31.16:36:06.996>
    user = 'https://bugs.python.org/iwings'

    bugs.python.org fields:

    activity = <Date 2017-03-31.16:36:06.996>
    actor = 'dstufft'
    assignee = 'none'
    closed = True
    closed_date = <Date 2016-09-20.20:56:29.585>
    closer = 'vstinner'
    components = []
    creation = <Date 2016-09-05.13:25:37.693>
    creator = 'iwings'
    dependencies = []
    files = ['44371']
    hgrepos = []
    issue_num = 27955
    keywords = ['patch']
    message_count = 7.0
    messages = ['274399', '274401', '274404', '274405', '274744', '277064', '277065']
    nosy_count = 5.0
    nosy_names = ['ncoghlan', 'vstinner', 'christian.heimes', 'python-dev', 'iwings']
    pr_nums = ['552']
    priority = 'normal'
    resolution = 'fixed'
    stage = None
    status = 'closed'
    superseder = None
    type = 'behavior'
    url = 'https://bugs.python.org/issue27955'
    versions = ['Python 3.5', 'Python 3.6', 'Python 3.7']

    @iwings
    Mannequin Author

    iwings mannequin commented Sep 5, 2016

    On QNAP's Linux Station (lxc based virtual environment), getrandom() syscall returns EPERM not ENOSYS when it's not available.

    (HOST) uname -a
    Linux ******-NAS 3.12.6 #1 SMP Thu Sep 1 00:57:44 CST 2016 x86_64 unknown

    (HOST) /lib64/libc-2.19.so
    GNU C Library (Ubuntu EGLIBC 2.19-0ubuntu6.6) stable release version 2.19, by Roland McGrath et al.

    (LXC) uname -a
    Linux ubuntu_1604 3.12.6 #1 SMP Thu Sep 1 00:57:44 CST 2016 x86_64 x86_64 x86_64 GNU/Linux

    (LXC) /lib/x86_64-linux-gnu/libc.so.6
    GNU C Library (Ubuntu GLIBC 2.23-0ubuntu3) stable release version 2.23, by Roland McGrath et al.

    (LXC)
    long n = syscall(SYS_getrandom, buffer, sizeof(buffer), flags);
    printf("SYS_getrandom: %ld (%d)\n", n, errno);
    => 
    SYS_getrandom: -1 (1)

    Proper fallback to /dev/urandom is not happening in this case, so most Python apps calling the getrandom function fail. This includes apt, command-not-found, etc.

    @iwings iwings mannequin added the type-bug An unexpected behavior, bug, or error label Sep 5, 2016
    @tiran
    Member

    tiran commented Sep 5, 2016

    Did you open a bug with your vendor, too? QNAP is clearly violating Kernel APIs. getrandom() is not supposed to fail with EPERM. Valid errnos are EINVAL, EFAULT, EAGAIN and EINTR. http://man7.org/linux/man-pages/man2/getrandom.2.html

    @iwings
    Mannequin Author

    iwings mannequin commented Sep 5, 2016

    I did not report this to QNAP yet, but there's already a thread on their forum.
    https://forum.qnap.com/viewtopic.php?t=124650 (registration required)

    • ENOSYS is not listed in that man page, but it occurs.
    • EPERM is not listed in that man page, but it can be returned if seccomp filters getrandom() syscall for example.

    So preparing for these return values is meaningful not only for QNAP users.

    @vstinner
    Member

    vstinner commented Sep 5, 2016

    I'm ok to fall back on reading the /dev/urandom device when getrandom() is blocked by a stupid security policy :-)

    @ncoghlan
    Contributor

    ncoghlan commented Sep 7, 2016

    With bpo-27778 implemented, there's also the question of how os.getrandom() will react to security policies that restrict access to the getrandom syscalls (vs just not having it available in the kernel).

    @python-dev
    Mannequin

    python-dev mannequin commented Sep 20, 2016

    New changeset 41e9e711b9b5 by Victor Stinner in branch '3.5':
    Cleanup random.c
    https://hg.python.org/cpython/rev/41e9e711b9b5

    New changeset ddc54f08bdfa by Victor Stinner in branch '3.5':
    Catch EPERM error in py_getrandom()
    https://hg.python.org/cpython/rev/ddc54f08bdfa

    New changeset 27d05bb6f832 by Victor Stinner in branch '3.6':
    (Merge 3.5) Catch EPERM error in py_getrandom()
    https://hg.python.org/cpython/rev/27d05bb6f832

    @vstinner
    Member

    I modified Python 3.5, 3.6 and 3.7 to fall back on reading /dev/urandom when getrandom() syscall fails with EPERM.

    Thanks for the bug report iwings!

    Note: Python 2.7 does not use getrandom() and so is not impacted.

    Christian:

    Did you open a bug with your vendor, too? QNAP is clearly violating Kernel APIs. getrandom() is not supposed to fail with EPERM.

    I don't know if it can be seen as a violation of the Kernel API, but at least, it doesn't seem to be something smart to block getrandom() syscall. getrandom() was designed to enhance the security of applications ;-)

    Nick:

    With bpo-27778 implemented, there's also the question of how os.getrandom() will react to security policies that restrict access to the getrandom syscalls (vs just not having it available in the kernel).

    This is no question: os.getrandom() of Python 3.6 is a thin wrapper on the syscall. If the syscall fails, the Python function raises an exception ;-) OSError(EPERM) in this case.

    @vstinner vstinner added the 3.7 (EOL) end of life label Sep 20, 2016
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022