Re: [bitfolk] Dear Entropy service users, what software uses…

Author: Roger Light
Date:  
To: users
Subject: Re: [bitfolk] Dear Entropy service users, what software uses /dev/random?
Hi,

I listened to some of the Ubuntu podcast on the way in to work this
morning and they mentioned the util "fatrace". Turns out you can't use
the fanotify functions with /dev, but I've managed to figure out a
good way of doing this.

Assuming you've got SystemTap (kernel probing functionality, see at
the end of the email) installed, then try:

sudo stap random_read.stp

where random_read.stp looks like:

probe kernel.function("random_read").call
{
    printf("%s[%d] len:%d\n", execname(), tid(), $nbytes)
}


This will print out the executable name, process id and number of
bytes requested each time a process reads from /dev/random. You can
verify it with e.g.

dd if=/dev/random of=/dev/null count=1

FWIW, whilst I was testing I was using urandom_read instead and exim
was reading from there, not from random_read. ymmv. The only thing
I've seen so far is "dd" :) I'll leave it running and report back if I
spot anything.

This is the first time I've played with systemtap and I may have
missed something. I'm not sure that the ".call" should be there for
example.

Cheers,

Roger



Installation notes for Ubuntu:

apt-get install systemtap

# Install kernel debug symbols, this is less optimal than it could be.
# See https://wiki.ubuntu.com/Kernel/Systemtap#Where_to_get_debug_symbols_for_kernel_X.3F

codename=$(lsb_release -c | awk  '{print $2}')
sudo tee /etc/apt/sources.list.d/ddebs.list << EOF
deb http://ddebs.ubuntu.com/ ${codename}      main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-security main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-updates  main restricted universe multiverse
deb http://ddebs.ubuntu.com/ ${codename}-proposed main restricted universe multiverse
EOF


sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ECDCAD72428D7C01
sudo apt-get update
sudo apt-get install linux-image-$(uname -r)-dbgsym



On Mon, Mar 14, 2016 at 10:24 AM, Andy Smith <andy@???> wrote:
> On Mon, Mar 14, 2016 at 10:22:28AM +0000, Andy Smith wrote:
>> $ sudo strace -o open -p $(pgrep exim4) 2>&1 | grep random
>
> Hmm, maybe need a -ff on that to follow forks…
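An added example, not part of the message above or of SystemTap itself: a shell function that totals the `execname[tid] len:N` lines printed by the probe into reads and bytes requested per executable. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise saved output of the random_read.stp probe from the message above.
# Each probe line looks like:  execname[tid] len:N
# Output: executable name, number of reads, total bytes requested (tab-separated),
# largest consumer first. Lines that are not probe output are counted and skipped.

summarise_random_reads() {
    awk '
    {
        # Anchor on the trailing "[tid] len:N" so that executable names
        # containing spaces or "[" are still parsed correctly.
        if (!match($0, /\[[0-9]+\] len:[0-9]+$/) || RSTART == 1) {
            skipped++
            next
        }
        name = substr($0, 1, RSTART - 1)
        len = substr($0, RSTART)
        sub(/^.*len:/, "", len)
        reads[name]++
        bytes[name] += len
    }
    END {
        for (n in reads) printf "%s\t%d\t%d\n", n, reads[n], bytes[n]
        if (skipped) printf "skipped %d unparsable line(s)\n", skipped | "cat 1>&2"
    }' | LC_ALL=C sort -t "$(printf '\t')" -k3,3nr -k1,1
}

# Constructed sample input (not captured from a real system).
sample_probe_output() {
    cat <<'EOF'
dd[4121] len:512
gpg[5150] len:300
dd[4122] len:512
WARNING: constructed non-probe line
Web Content[6001] len:16
EOF
}

# Demo on the constructed sample; for real data, save the probe output to a
# file first and run: summarise_random_reads < that_file
sample_probe_output | summarise_random_reads
```
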