Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Intercept /proc/sys/kernel/random/uuid #3188

Open
sporksmith opened this issue Sep 28, 2023 · 6 comments
Open

Intercept /proc/sys/kernel/random/uuid #3188

sporksmith opened this issue Sep 28, 2023 · 6 comments
Labels
Priority: High Prioritized ahead of most other issues Type: Bug Error or flaw producing unexpected results
Milestone
Remove sources of...

Comments

@sporksmith
Copy link
Contributor

From proc(2):

       /proc/sys/kernel/random/uuid (since Linux 2.4)
              Each read from this read-only file returns a randomly generated 128-bit UUID, as a string in the standard UUID format.

I noticed the tor unit tests read this file; not sure whether tor reads it in production.
@sporksmith sporksmith added the Type: Bug Error or flaw producing unexpected results label Sep 28, 2023
@sporksmith
Copy link
Contributor Author

It looks like the tor processes in the tor-minimal test do access this during initialization, though I'm not sure yet what it's used for.

After enabling strace logging in the tor minimal test:

$ grep random/uuid build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/*/tor.*.strace 
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/4uthority/tor.1000.strace:00:00:01.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/4uthority/tor.1000.strace:00:00:01.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/4uthority/tor.1000.strace:00:00:01.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/4uthority/tor.1000.strace:00:00:01.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/4uthority/tor.1000.strace:00:00:01.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 12
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/4uthority/tor.1000.strace:00:00:01.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 12
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/exit2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/hiddenserver/tor.1001.strace:00:15:00.000000000 [tid 1001] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/hiddenserver/tor.1001.strace:00:15:00.000000000 [tid 1001] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/hiddenserver/tor.1001.strace:00:15:00.000000000 [tid 1001] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/hiddenserver/tor.1001.strace:00:15:00.000000000 [tid 1001] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/ptbridge/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/ptbridge/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/ptbridge/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/ptbridge/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/ptbridge/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 13
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/ptbridge/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 13
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay1/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay2/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay3/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay3/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay3/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay3/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay3/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay3/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay4/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay4/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay4/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay4/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay4/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/relay4/tor.1000.strace:00:01:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 11
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torhiddenclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torhiddenclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torhiddenclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torhiddenclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torptbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torptbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torptbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3
build/src/test/tor/minimal/tor-minimal-shadow.data/hosts/torptbridgeclient/tor.1000.strace:00:15:00.000000000 [tid 1000] open("/proc/sys/kernel/random/uuid", O_CLOEXEC, Mode(0x0)) = 3

@sporksmith
Copy link
Contributor Author

Using strace -k on a native execution of tor, it looks like this is being used by libevent to initialize its RNG.

openat(AT_FDCWD, "/proc/sys/kernel/random/uuid", O_RDONLY|O_CLOEXEC) = 3
 > /usr/lib/x86_64-linux-gnu/libc.so.6(__open64+0x5b) [0x1146eb]
 > /usr/lib/x86_64-linux-gnu/libevent-2.1.so.7.0.1(evutil_open_closeonexec_+0x25) [0x1a575]
 > /usr/lib/x86_64-linux-gnu/libevent-2.1.so.7.0.1(evutil_make_internal_pipe_+0x5b0) [0x27420]
 > /usr/lib/x86_64-linux-gnu/libevent-2.1.so.7.0.1(evutil_secure_rng_init+0x23) [0x275b3]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(tor_init_libevent_rng+0x28) [0xe97f8]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(subsys_evloop_initialize+0x1d) [0xe9a1d]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(subsystems_init_upto+0x83) [0xbf7a3]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(tor_run_main+0x47) [0x69a67]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(tor_main+0x4d) [0x6615d]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(main+0x1d) [0x65d0d]
 > /usr/lib/x86_64-linux-gnu/libc.so.6(__libc_init_first+0x90) [0x29d90]
 > /usr/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x29e40]
 > /home/jnewsome/opt/tor-0.4.7.9/bin/tor(_start+0x25) [0x65d65]

@robgjansen
Copy link
Member

Oh boy, that seems bad! Could be the last rng leak causing some non-determinism I've anecdotally noticed.

@sporksmith
Copy link
Contributor Author

Yup, definitely seems worth fixing :)

It's a little more complex than e.g. /dev/random since it should produce valid UUID strings rather than just random bytes. i.e. probably needs its own FileType in regular_file.c

@sporksmith
Copy link
Contributor Author

sporksmith commented Oct 2, 2023
edited

i.e. probably needs its own FileType

Actually maybe FILE_TYPE_IN_MEMORY would work, with a new file being created for each open operation on this path.

That just leaves generating valid UUID strings using the host's RNG

@stevenengler
Copy link
Contributor

stevenengler commented Oct 3, 2023
edited

Actually maybe FILE_TYPE_IN_MEMORY would work, with a new file being created for each open operation on this path.

Might also be good to check if the random uuid is changed/regenerated when you seek to the start of the file, since some other files in /dev will sometimes do this and applications might rely on it if it does.

@robgjansen robgjansen added the Priority: High Prioritized ahead of most other issues label Jan 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: High Prioritized ahead of most other issues Type: Bug Error or flaw producing unexpected results
Projects
None yet
Milestone
Remove sources of non-determinism
Development

No branches or pull requests
3 participants
@sporksmith @robgjansen @stevenengler