summaryrefslogtreecommitdiffstats
path: root/settings
diff options
context:
space:
mode:
authorLukas Reschke <lukas@owncloud.com>2015-05-26 14:11:38 +0200
committerLukas Reschke <lukas@owncloud.com>2015-05-26 14:16:07 +0200
commitbc6d17ed74a20c35ddb21f5f6b7b644664e5275c (patch)
tree80991e705aa9132d3c802b8383284c110f97dccc /settings
parentb82d902e184960877110bc45124ed2399f779cac (diff)
downloadnextcloud-server-bc6d17ed74a20c35ddb21f5f6b7b644664e5275c.tar.gz
nextcloud-server-bc6d17ed74a20c35ddb21f5f6b7b644664e5275c.zip
Add check for availability of /dev/urandom
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system: 1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop 2. MTRand: chr((mt_rand() ^ mt_rand()) % 256) 3. Rand: chr((rand() ^ rand()) % 256) 4. UniqId: Plain uniqid() An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour. One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface. Thanks to David Black from d1b.org for bringing this again to our attention.
Diffstat (limited to 'settings')
-rw-r--r--settings/controller/checksetupcontroller.php19
1 files changed, 19 insertions, 0 deletions
diff --git a/settings/controller/checksetupcontroller.php b/settings/controller/checksetupcontroller.php
index 15719ce215f..3ced5af5a5f 100644
--- a/settings/controller/checksetupcontroller.php
+++ b/settings/controller/checksetupcontroller.php
@@ -91,6 +91,23 @@ class CheckSetupController extends Controller {
}
/**
+ * Whether /dev/urandom is available to the PHP controller
+ *
+ * @return bool
+ */
+ private function isUrandomAvailable() {
+ if(@file_exists('/dev/urandom')) {
+ $file = fopen('/dev/urandom', 'rb');
+ if($file) {
+ fclose($file);
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
* @return DataResponse
*/
public function check() {
@@ -100,6 +117,8 @@ class CheckSetupController extends Controller {
'dataDirectoryProtected' => $this->util->isHtaccessWorking($this->config),
'isMemcacheConfigured' => $this->isMemcacheConfigured(),
'memcacheDocs' => $this->urlGenerator->linkToDocs('admin-performance'),
+ 'isUrandomAvailable' => $this->isUrandomAvailable(),
+ 'securityDocs' => $this->urlGenerator->linkToDocs('admin-security'),
]
);
}