Re: gpg /netstat problems

From: Curtis Maloney (curtis@cardgate.net)
Date: 05/08/02


From: Curtis Maloney <curtis@cardgate.net>
To: focus-sun@securityfocus.com
Date: Wed, 8 May 2002 08:45:06 +1000

On Thu, 2 May 2002 17:35, Richard Cross wrote:

Hi...

This is my first time posting to this list, so take it easy if I break
etiquette, or otherwise do something wrong...

> I noticed GnuPG wasn't working properly recently - it was hanging while
> trying to encrypt a file or when generating a new key. Ran truss on it
> and found that it forks a separate process which turned out to be:
>
> netstat -p -f inet
>
> and it was hanging because it couldn't resolve the addresses, however
> that aside...
>
> ... anyone know why it needs to do this and whether or not this can be
> disabled? Could it potentially be a security risk? (FYI it was the
> packaged version for Solaris 8 from Sunfreeware).
>

This looks like entropy gathering. Since Solaris doesn't have a /dev/random,
many security programs try to generate their own entropy pools by running a
list of programs that will have unpredictable or hard to predict timing.
Unlike OpenSSL, which uses a similar trick, GnuPG hard codes this list.

In the FAQ that comes with the GnuPG sources (I just happen to be setting it
up here, so it's all still fresh in my mind :) section 3.2 talks about
entropy sources, and mentions the SUNWski package adds /dev/random, or if
this is not possible, the Entropy Gathering Daemon (EGD) will suffice.
<http://www.gnupg.org/download.html>

Oh, and from all reports, Solaris 9 will have /dev/random by default.

>
> Rick Cross.

Hope this helps.

-- 
--
Curtis Maloney

Cardgate.net (03) 9765 1490
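
The fallback described in the reply above, as an added example (not part of the original post and not GnuPG's code): check for a kernel random device first, otherwise mix command output and timing into a pool, with a per-command timeout so one stalled helper (the netstat hang in the question) cannot block the caller. The function names, the SHA-256 pool and the stand-in commands are assumptions made for illustration.

```python
import hashlib
import os
import stat
import subprocess
import sys
import time


def kernel_rng_available(path="/dev/random"):
    """True if `path` is a character device, i.e. the OS provides a random device."""
    try:
        return stat.S_ISCHR(os.stat(path).st_mode)
    except OSError:
        return False


def gather_from_commands(commands, timeout=2.0):
    """Mix each command's output and elapsed time into a hash pool.

    Returns (digest, skipped). `skipped` lists commands that could not be
    started or exceeded `timeout`; their elapsed time is still mixed in.
    """
    pool = hashlib.sha256()  # assumption: SHA-256 stands in for the real pool mixer
    skipped = []
    for argv in commands:
        start = time.perf_counter_ns()
        try:
            out = subprocess.run(
                argv, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE,
                stderr=subprocess.STDOUT, timeout=timeout,
            ).stdout
        except (OSError, subprocess.TimeoutExpired):
            skipped.append(argv)  # hung or missing helper: skip it, keep going
            out = b""
        elapsed = time.perf_counter_ns() - start
        pool.update(out)
        pool.update(elapsed.to_bytes(8, "little"))
    return pool.digest(), skipped


if __name__ == "__main__":
    # Constructed stand-ins for the hard-coded command list: one quick helper
    # and one that stalls the way netstat did while resolving addresses.
    quick = [sys.executable, "-c", "print('constructed sample output')"]
    stalled = [sys.executable, "-c", "import time; time.sleep(30)"]
    if kernel_rng_available():
        print("/dev/random present: no need to run external commands")
    digest, skipped = gather_from_commands([quick, stalled], timeout=1.0)
    print("pool digest:", digest.hex())
    print("skipped:", skipped)
```
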