On 9/18/06, Malcolm Rowe <malcolm-svn-dev@farside.org.uk> wrote:
> On Mon, Sep 18, 2006 at 04:26:16PM +0200, debian@gepro.cz wrote:
> > svnserve configured on Debian Sarge uses /dev/random for password exchange
> > handshake. As a result client connections deadlock in the case of
> > exhausted entropy, since /dev/random may be blocking indefinitely.
> >
>
> For the sake of completeness, this is issue 2590 (and
> http://subversion.tigris.org/faq.html#freebsd-hang, though you're not
> on FreeBSD).
>
> To solve this, we really need APR to grow an interface that will allow
> us to get random-but-not-secret data (from e.g. /dev/urandom), which
> we could then use for generating UUIDs. (I'm not sure that it would
> necessarily be safe to use a predictable random source to generate
> authentication challenges, but if so, we could also use it there).
>
> To a large extent, this is a problem that needs to be solved by APR first.
> However, some of the Subversion committers are also APR committers...
And we'd be more than willing to review and apply patches that
implement such a thing, if someone's willing to actually write them.
-garrett
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Mon Sep 18 18:18:26 2006