[Bug 575669] [NEW] Rapid depletion of entropy pool

Launchpad Bug Tracker 575669 at bugs.launchpad.net
Thu May 6 00:39:29 UTC 2010


You have been subscribed to a public bug:

I was noticing that on several of my servers the available entropy has
been exceedingly low for the last 6-7 months.  My guess is this problem
began with Ubuntu 9.10 and continues in Ubuntu 10.04.  I came across
some useful information here:

http://lkml.org/lkml/2010/4/5/19

And I confirmed that running:

watch cat /proc/sys/kernel/random/entropy_avail

will rapidly deplete the entropy pool.  But running the Python script:

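import sys, time
# Poll from one long-lived process: no new process is launched per reading.
while True:
    with open('/proc/sys/kernel/random/entropy_avail', 'r') as f:
        sys.stdout.write(f.read())
    sys.stdout.flush()
    time.sleep(1)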

will not rapidly deplete the entropy pool.  This seems to support the
hypothesis that entropy is being drained with each launch of a process
which has been linked to the glibc randomized stack protector.  Some
information about that can be found here:

http://sourceware.org/ml/libc-alpha/2008-10/msg00006.html

As many people who have run virtual servers can attest, low entropy on a
server can cause a number of difficult-to-diagnose performance problems
as processes block trying to access /dev/random.  Low entropy may also
lead to a reduction in security for various cryptographic services.

I'm not an expert in these matters and have limited ability to test, as
many of my servers are running older versions, but it does appear that
those older versions do not have this behavior.  This could also be a
kernel issue, but I thought I would start here and see if others can
replicate this problem and help in diagnosing the issue.

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: Confirmed


** Tags: entropy security server
-- 
Rapid depletion of entropy pool
https://bugs.edge.launchpad.net/bugs/575669
You received this bug notification because you are a member of Kernel Bugs, which is subscribed to linux in ubuntu.
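
The comparison described in the report (readings taken inside one long-lived process versus one process launch per reading), as an added example that is not part of the original bug report. The helper names `measure`, `compare`, `spawn_child` and `no_op` are hypothetical, and a `true` command is assumed to be on PATH.

```python
import subprocess
import sys

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # path from the report


def read_entropy(path=ENTROPY_AVAIL):
    """Return the kernel's current entropy estimate, in bits."""
    with open(path) as f:
        return int(f.read().strip())


def spawn_child():
    """Launch one short-lived process, as each `watch` tick does with `cat`.

    Assumption: a `true` binary is available on PATH.
    """
    subprocess.call(["true"])


def no_op():
    """Control case: stay inside this process and launch nothing."""


def measure(action, count, path=ENTROPY_AVAIL):
    """Run `action` `count` times; return (before, after, drop per call)."""
    before = read_entropy(path)
    for _ in range(count):
        action()
    after = read_entropy(path)
    return before, after, (before - after) / float(count)


def compare(count=50, path=ENTROPY_AVAIL):
    """Measure the in-process control first, then the process-spawning case."""
    return {
        "in_process": measure(no_op, count, path),
        "spawn": measure(spawn_child, count, path),
    }


if __name__ == "__main__":
    for name, (before, after, per_call) in sorted(compare().items()):
        sys.stdout.write("%-10s before=%d after=%d drop/call=%.1f bits\n"
                         % (name, before, after, per_call))
```

A consistently larger drop per call in the `spawn` row than in the `in_process` row matches the hypothesis in the report; the pool is also refilled and read by other activity during the run, so repeat the measurement before drawing a conclusion.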



