Bug#322406: marked as done (exim4: Excessive use of /dev/random)

Debian Bug Tracking System owner at bugs.debian.org
Wed Aug 10 15:33:37 UTC 2005


Your message dated Wed, 10 Aug 2005 17:21:00 +0200
with message-id <20050810152058.GF26172 at torres.l21.ma.zugschlus.de>
and subject line Bug#322406: exim4: Excessive use of /dev/random
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: John Goerzen <jgoerzen at complete.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: exim4: Excessive use of /dev/random
X-Mailer: reportbug 3.15
Date: Wed, 10 Aug 2005 09:13:00 -0500
Message-Id: <E1E2rKG-0002iT-SU at heinrich.complete.org>

Package: exim4
Version: 4.52-1
Severity: normal

I had some messages sitting in my queue that just weren't getting
delivered, even though a delivery process had existed for them for over
30 minutes.  They were just sending to a smarthost on the LAN.

It looked like it was hanging after STARTTLS.  (TLS is used to send mail
to the LAN smarthost.)

After a while, I ran with debugging and discovered it was hanging after
this:

10.200.0.2 in hosts_avoid_tls? no (option unset)
  SMTP>> STARTTLS
waiting for data on socket
read response data: size=18
  SMTP<< 220 TLS go ahead
initializing GnuTLS as a client
parameter cache file /var/spool/exim4/gnutls-params does not exist
generating 512 bit RSA key...

Poking around with strace revealed that it was trying to pull from
/dev/random, which was apparently depleted.  (The system was mostly idle
at that time.)

Perhaps exim4 should revert to /dev/urandom if it can't get enough
randomness from /dev/random in a reasonable amount of time.

OTOH, I don't understand why it has to generate a key anyway.

-- Package-specific info:
Exim version 4.52 #1 built 02-Jul-2005 06:12:03
Copyright (c) University of Cambridge 2005
Berkeley DB: Sleepycat Software: Berkeley DB 4.2.52: (December  3, 2003)
Support for: iconv() IPv6 GnuTLS
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-rc3-mm1
Locale: LANG=C, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages exim4 depends on:
ii  exim4-base                    4.52-1     support files for all exim MTA (v4
ii  exim4-daemon-light            4.52-1     lightweight exim MTA (v4) daemon

exim4 recommends no packages.

-- no debconf information

---------------------------------------
Date: Wed, 10 Aug 2005 17:21:00 +0200
From: Marc Haber <mh+debian-packages at zugschlus.de>
To: John Goerzen <jgoerzen at complete.org>, 322406-done at bugs.debian.org
Subject: Re: Bug#322406: exim4: Excessive use of /dev/random
Message-ID: <20050810152058.GF26172 at torres.l21.ma.zugschlus.de>
References: <E1E2rKG-0002iT-SU at heinrich.complete.org>

On Wed, Aug 10, 2005 at 09:13:00AM -0500, John Goerzen wrote:
> Poking around with strace revealed that it was trying to pull from
> /dev/random, which was apparently depleted.  (The system was mostly idle
> at that time.)
> 
> Perhaps exim4 should revert to /dev/urandom if it can't get enough
> randomness from /dev/random in a reasonable amount of time.

Since the entropy is needed for generation of new Diffie-Hellman
parameters, which are essential for good cryptography, using
/dev/urandom is not a good idea. Re-generating the DH parameters on a
regular basis is recommended by upstream.

Future versions of the exim4 packages will asynchronously generate the
new DH parameters so that exim4 never stalls in this situation.

A possible workaround would be to have the system generate better
entropy, for example by using network and disk equipment whose drivers
deliver entropy.

The /dev/random behavior is already filed in the BTS multiple times,
so I am closing this bug as a duplicate.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835
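An added diagnostic for the stall described in the report (a read from /dev/random blocking while exim generates DH parameters) and for the cached-parameters approach the reply mentions. This is example code, not from the exim4 package or from either participant; the entropy threshold is an assumed heuristic, and the cache path is the one from the debug output above.

```python
"""Probe whether exim's DH parameter generation would stall on /dev/random.

Added example; not exim4 code.  Paths are the standard Linux ones, the
threshold below is an assumed heuristic rather than a kernel constant.
"""
import os
import select

ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"  # kernel entropy estimate
RANDOM_DEV = "/dev/random"
DH_CACHE = "/var/spool/exim4/gnutls-params"  # cache file named in the debug output


def read_entropy_avail(path=ENTROPY_AVAIL):
    """Return the kernel's entropy estimate in bits, or None if unreadable."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def random_would_block(path=RANDOM_DEV):
    """True if a read on /dev/random would block right now, None if unopenable.

    select() with a zero timeout makes the probe itself non-blocking, which is
    exactly what the stalled exim delivery process was not doing.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        readable, _, _ = select.select([fd], [], [], 0.0)
        return len(readable) == 0
    finally:
        os.close(fd)


def dh_params_cached(path=DH_CACHE):
    """True if pre-generated DH parameters exist, so no key generation is needed."""
    return os.path.isfile(path)


def diagnose(entropy_bits, would_block, cached, threshold=128):
    """Classify the situation; pure so it can be checked without the devices."""
    if cached:
        return "ok: cached DH parameters, no generation on this connection"
    if would_block or (entropy_bits is not None and entropy_bits < threshold):
        return "stall: DH parameter generation will block on /dev/random"
    return "ok: enough entropy to generate DH parameters"
```

Run `diagnose(read_entropy_avail(), random_would_block(), dh_params_cached())` on the affected host; a "stall" result reproduces the condition the strace showed without hanging the shell.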
