Commit 661464b193899bdd93dae2cf701e8da014f3991d
1 parent
94b84a20
as multi line emphasize does not work make it a cite
Showing 1 changed file with 18 additions and 18 deletions
| ... | ... | @@ -47,24 +47,24 @@ This should prevent right drop while changing the effective user id. |
| 47 | 47 | If apache2 does not start it most likely is related to some access rights. |
| 48 | 48 | Just have a look in the error log as mentioned in this. |
| 49 | 49 | |
| 50 | -**ATTENTION: This module adds data to the kernel random number pool. To do | |
| 51 | -this the apache process needs CAP_SYS_ADMIN. Without any role based access | |
| 52 | -control this is true only for the root user. | |
| 53 | - | |
| 54 | -An alternative is to assign CAP_SYS_ADMIN to the apache process. This still | |
| 55 | -seems not to be the ideal solution as this would give the apache process | |
| 56 | -access to several system internals like de-/activation of swap devices | |
| 57 | -mount/unmount, etc. Anyway, this is the best i could figure out. | |
| 58 | - | |
| 59 | -It would be a good to have a special capabilty just for random pool | |
| 60 | -administration but actually i have no clue if and how this might be possible. | |
| 61 | -Anyway this still might lead to problems with the security of your encryption | |
| 62 | -as an attacker might be able to add own random values to the random pool which | |
| 63 | -in turn might compromize your encryption. | |
| 64 | - | |
| 65 | -Actually i have no good solution for this...maybe it is not a good idea at all | |
| 66 | -to generate random numbers this way, i would be lucky to get feedback on this | |
| 67 | -issue.** | |
| 50 | +> ATTENTION: This module adds data to the kernel random number pool. To do | |
| 51 | +> this the apache process needs CAP_SYS_ADMIN. Without any role based access | |
| 52 | +> control this is true only for the root user. | |
| 53 | +> | |
| 54 | +> An alternative is to assign CAP_SYS_ADMIN to the apache process. This still | |
| 55 | +> seems not to be the ideal solution as this would give the apache process | |
| 56 | +> access to several system internals like de-/activation of swap devices | |
| 57 | +> mount/unmount, etc. Anyway, this is the best i could figure out. | |
| 58 | +> | |
| 59 | +> It would be a good to have a special capabilty just for random pool | |
| 60 | +> administration but actually i have no clue if and how this might be possible. | |
| 61 | +> Anyway this still might lead to problems with the security of your encryption | |
| 62 | +> as an attacker might be able to add own random values to the random pool which | |
| 63 | +> in turn might compromize your encryption. | |
| 64 | +> | |
| 65 | +> Actually i have no good solution for this...maybe it is not a good idea at all | |
| 66 | +> to generate random numbers this way, i would be lucky to get feedback on this | |
| 67 | +> issue. | |
| 68 | 68 | |
| 69 | 69 | ## Dependencies |
| 70 | 70 | ... | ... |
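Review bot: The re-quoted warning at new lines 59-63 carries its typos over unchanged ("It would be a good to have", "capabilty", "compromize"); since every one of these lines is rewritten anyway, fix them in this commit: "It would be good to have", "capability", "compromise". Separately, new lines 50-57 tell the operator that the apache process needs CAP_SYS_ADMIN but never name the call that requires it, so a reader cannot judge whether running as root or granting the capability is actually necessary for their setup. Suggest adding one sentence that names the operation, and stating which of the two options (root, or CAP_SYS_ADMIN on the apache process) the README recommends as the default, because the paragraph currently ends with "i have no good solution for this" and leaves the choice open.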