
Re: svnserve processes

From: Daniel Patterson <danpat_at_danpat.net>
Date: 2005-02-12 23:02:53 CET

BRUGGEMAN Jens (JBRG) wrote:
> I can paste some logging of a process which has stopped doing anything:
>
> 11:21:59 fork(Process 9952 attached
> ) = 9952
> [pid 9952] 11:21:59 getpid() = 9952
> [pid 9952] 11:21:59 getrlimit(RLIMIT_STACK, {rlim_cur=RLIM_INFINITY,
> rlim_max=RLIM_INFINITY}) = 0
> [pid 9952] 11:21:59 close(3) = 0
> [pid 9952] 11:21:59 write(4, "( success ( 1 2 ( ANONYMOUS ) ( "..., 52) =
> 52
> [pid 9952] 11:21:59 read(4, "( 2 ( edit-pipeline ) 31:svn://1"..., 4096) =
> 59
> ....
> [pid 9952] 11:21:59 open("/dev/random", O_RDONLY) = 5
> [pid 9952] 11:21:59 read(5, "\25\320XW\362~", 8) = 6
> [pid 9952] 11:21:59 read(5, <unfinished ...>
> [pid 9952] 11:30:06 <... read resumed> ")}", 2) = 2

   On some systems, /dev/random is not just a pseudorandom number
   generator. When you read from it, the kernel gathers data from
   various sources (network io, disk io, etc) to generate the random
   data you read.

   What typically happens is that the kernel gathers "entropy" for
   a while, and makes it available to /dev/random. You can usually
   read a handful of bytes instantly, but after that, reads often
   block until the kernel has decided that it's gathered enough
   entropy to feed you more "truly random" data. The faster it
   feeds you data on /dev/random, the more information can be deduced
   by an attacker who knows how that data is being generated (i.e.
   they can send network traffic to your machine to affect the randomness
   of the numbers). The delay is an attempt to counter that.

   A more detailed explanation is here, along with a Perl implementation
   of what I roughly described above.

     http://egd.sourceforge.net/

   That said, 9 minutes is a long time to wait for 2 bytes of new random
   data. Perhaps your server is very very idle or has a buggy
   /dev/random implementation? I'm not even sure why svnserve needs
   random data (authentication?).

   You can probably run a bit of a test by hand by simply doing "cat
   /dev/random" and seeing how fast you can read from that. You'll
   probably find that it's quite slow (when compared to, say, cat
   /dev/zero, or /dev/hda).

daniel

Received on Sat Feb 12 23:05:04 2005

This is an archived mail posted to the Subversion Dev mailing list.
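
As an added example (not part of the original message and not Subversion code): a small Python script that pairs the `<unfinished ...>` and `<... resumed>` lines in strace-style output like the trace quoted above, and reports how long each call blocked and on which file. The name `find_stalls`, the 5-second threshold and the rejoined sample lines are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample: the trace lines quoted in the message, with the
# wrapped lines rejoined and the "> " quoting removed.
SAMPLE = """\
[pid 9952] 11:21:59 close(3) = 0
[pid 9952] 11:21:59 open("/dev/random", O_RDONLY) = 5
[pid 9952] 11:21:59 read(5, "\\25\\320XW\\362~", 8) = 6
[pid 9952] 11:21:59 read(5, <unfinished ...>
[pid 9952] 11:30:06 <... read resumed> ")}", 2) = 2
"""

LINE = re.compile(r"^(?:\[pid\s+(\d+)\]\s+)?(\d\d:\d\d:\d\d)\s+(.*)$")
OPEN = re.compile(r'^open\("([^"]*)".*\)\s*=\s*(\d+)$')
CLOSE = re.compile(r"^close\((\d+)\)\s*=\s*0$")
UNFINISHED = re.compile(r"^(\w+)\((\d+),.*<unfinished \.\.\.>$")
RESUMED = re.compile(r"^<\.\.\. (\w+) resumed>")


def find_stalls(trace, min_seconds=5):
    """Return (pid, syscall, path, seconds) for calls that blocked >= min_seconds."""
    fds = {}       # (pid, fd) -> path from the most recent open() seen for that pid
    pending = {}   # (pid, syscall) -> (start time, path)
    stalls = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, stamp, call = m.group(1) or "main", m.group(2), m.group(3)
        when = datetime.strptime(stamp, "%H:%M:%S")
        if (o := OPEN.match(call)):
            fds[(pid, o.group(2))] = o.group(1)
        elif (c := CLOSE.match(call)):
            fds.pop((pid, c.group(1)), None)
        elif (u := UNFINISHED.match(call)):
            path = fds.get((pid, u.group(2)), "fd " + u.group(2))
            pending[(pid, u.group(1))] = (when, path)
        elif (r := RESUMED.match(call)) and (pid, r.group(1)) in pending:
            start, path = pending.pop((pid, r.group(1)))
            secs = int((when - start).total_seconds()) % 86400  # handles midnight wrap
            if secs >= min_seconds:
                stalls.append((pid, r.group(1), path, secs))
    return stalls


if __name__ == "__main__":
    for pid, call, path, secs in find_stalls(SAMPLE):
        print(f"pid {pid}: {call}() on {path} blocked for {secs}s")
```

Descriptors inherited across `fork()` are not tracked; a read on a descriptor with no visible `open()` is reported as `fd N`.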