From owner-freebsd-audit Fri Nov 26 19:48:25 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from november.jaded.net (november.jaded.net [216.94.113.4]) by hub.freebsd.org (Postfix) with ESMTP id D318A14E46 for ; Fri, 26 Nov 1999 19:48:21 -0800 (PST) (envelope-from dan@november.jaded.net)
Received: (from dan@localhost) by november.jaded.net (8.9.3/8.9.3+trinsec_nospam) id WAA18519 for freebsd-audit@freebsd.org; Fri, 26 Nov 1999 22:48:20 -0500 (EST)
Date: Fri, 26 Nov 1999 22:48:19 -0500
From: Dan Moschuk
To: freebsd-audit@freebsd.org
Subject: The ball starts rolling
Message-ID: <19991126224819.A18496@november.jaded.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

To get the ball rolling, I've put online my patch to randomize the order which
PIDs follow. If all goes well, I expect to commit this sometime over the
weekend, followed by another commit the following week to replace the PRNG
with something a little better than random().

To use this, you need to set the sysctl knob kern.randompid to 1.

Diffs against current are available at www.freebsd.org/~dan/randompid.patch

Cheers!
--
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not. Do, or do not. There is no try." -- Yoda

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message

From owner-freebsd-audit Fri Nov 26 19:49:59 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 8E3EA1537D; Fri, 26 Nov 1999 19:49:53 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id UAA22427; Fri, 26 Nov 1999 20:49:51 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id UAA47680; Fri, 26 Nov 1999 20:49:44 -0700 (MST)
Message-Id: <199911270349.UAA47680@harmony.village.org>
To: Dan Moschuk
Subject: Re: The ball starts rolling
Cc: freebsd-audit@FreeBSD.ORG
In-reply-to: Your message of "Fri, 26 Nov 1999 22:48:19 EST." <19991126224819.A18496@november.jaded.net>
References: <19991126224819.A18496@november.jaded.net>
Date: Fri, 26 Nov 1999 20:49:44 -0700
From: Warner Losh
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <19991126224819.A18496@november.jaded.net> Dan Moschuk writes:
: To get the ball rolling, I've put online my patch to randomize the order which
: PIDs follow. If all goes well, I expect to commit this sometime over the
: weekend, followed by another commit the following week to replace the PRNG
: with something a little better than random().

What's wrong with the original cryptographically strong randomizer in
OpenBSD?

Warner

From owner-freebsd-audit Fri Nov 26 19:59:56 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from pawn.primelocation.net (pawn.primelocation.net [205.161.238.235]) by hub.freebsd.org (Postfix) with ESMTP id C129714C84; Fri, 26 Nov 1999 19:59:53 -0800 (PST) (envelope-from cdf.lists@fxp.org)
Received: by pawn.primelocation.net (Postfix, from userid 1016) id A8CCD9B38; Fri, 26 Nov 1999 22:59:52 -0500 (EST)
Received: from localhost (localhost [127.0.0.1]) by pawn.primelocation.net (Postfix) with ESMTP id 9AF6ABA21; Fri, 26 Nov 1999 22:59:52 -0500 (EST)
Date: Fri, 26 Nov 1999 22:59:52 -0500 (EST)
From: "Chris D. Faulhaber"
X-Sender: cdf.lists@pawn.primelocation.net
To: Dan Moschuk
Cc: freebsd-audit@freebsd.org
Subject: Re: The ball starts rolling
In-Reply-To: <19991126224819.A18496@november.jaded.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 26 Nov 1999, Dan Moschuk wrote:

>
> To get the ball rolling, I've put online my patch to randomize the order which
> PIDs follow. If all goes well, I expect to commit this sometime over the
> weekend, followed by another commit the following week to replace the PRNG
> with something a little better than random().
>
> To use this, you need to set the sysctl knob kern.randompid to 1.
>
> Diffs against current are available at www.freebsd.org/~dan/randompid.patch
>

FWIW, it applies fine (with offsets) to -stable.

-----
Chris D. Faulhaber                 | All the true gurus I've met never
System/Network Administrator,      | claimed they were one, and always
Reality Check Information, Inc.    | pointed to someone better.

From owner-freebsd-audit Fri Nov 26 20: 7:19 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from november.jaded.net (november.jaded.net [216.94.113.4]) by hub.freebsd.org (Postfix) with ESMTP id ECB9D14D49; Fri, 26 Nov 1999 20:07:17 -0800 (PST) (envelope-from dan@november.jaded.net)
Received: (from dan@localhost) by november.jaded.net (8.9.3/8.9.3+trinsec_nospam) id XAA18577; Fri, 26 Nov 1999 23:07:13 -0500 (EST)
Date: Fri, 26 Nov 1999 23:07:13 -0500
From: Dan Moschuk
To: Warner Losh
Cc: Dan Moschuk, freebsd-audit@FreeBSD.ORG
Subject: Re: The ball starts rolling
Message-ID: <19991126230713.C18496@november.jaded.net>
References: <19991126224819.A18496@november.jaded.net> <199911270349.UAA47680@harmony.village.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <199911270349.UAA47680@harmony.village.org>; from Warner Losh on Fri, Nov 26, 1999 at 08:49:44PM -0700
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

| : To get the ball rolling, I've put online my patch to randomize the order which
| : PIDs follow. If all goes well, I expect to commit this sometime over the
| : weekend, followed by another commit the following week to replace the PRNG
| : with something a little better than random().
|
| What's wrong with the original cryptographically strong randomizer in
| OpenBSD?

Absolutely nothing. Last I checked, they used RC4, which is fairly fast and
efficient for the kernel. However, I'm still debating whether or not it's
actually _needed_. IMHO, OpenBSD takes some things beyond the point of
paranoid overkill, but in this scenario I don't think it would hurt either way.

*shrug*

--
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not. Do, or do not. There is no try." -- Yoda

From owner-freebsd-audit Fri Nov 26 20:14: 7 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from november.jaded.net (november.jaded.net [216.94.113.4]) by hub.freebsd.org (Postfix) with ESMTP id 426BA14E41 for ; Fri, 26 Nov 1999 20:14:04 -0800 (PST) (envelope-from dan@november.jaded.net)
Received: (from dan@localhost) by november.jaded.net (8.9.3/8.9.3+trinsec_nospam) id XAA18647; Fri, 26 Nov 1999 23:14:03 -0500 (EST)
Date: Fri, 26 Nov 1999 23:14:03 -0500
From: Dan Moschuk
To: freebsd-audit@freebsd.org
Cc: Warner Losh
Subject: Re: The ball starts rolling
Message-ID: <19991126231403.D18496@november.jaded.net>
References: <19991126224819.A18496@november.jaded.net> <199911270349.UAA47680@harmony.village.org> <19991126230713.C18496@november.jaded.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
In-Reply-To: <19991126230713.C18496@november.jaded.net>; from Dan Moschuk on Fri, Nov 26, 1999 at 11:07:13PM -0500
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

| | What's wrong with the original cryptographically strong randomizer in
| | OpenBSD?
|
| Absolutely nothing. Last I checked, they used RC4, which is fairly fast and
| efficient for the kernel. However, I'm still debating whether or not it's
| actually _needed_. IMHO, OpenBSD takes some things beyond the point of
| paranoid overkill, but in this scenario I don't think it would hurt either way.
|
| *shrug*

Oh, cool. After further inspection, arc4random() is a library function, not
specific to the OpenBSD kernel. In that case, there is really no valid reason
why you can't use either.

--
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not. Do, or do not. There is no try." -- Yoda

From owner-freebsd-audit Fri Nov 26 20:34:40 1999
Delivered-To: freebsd-audit@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 5279F14E41; Fri, 26 Nov 1999 20:34:39 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 454011CD734; Fri, 26 Nov 1999 20:34:39 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Fri, 26 Nov 1999 20:34:39 -0800 (PST)
From: Kris Kennaway
To: Dan Moschuk
Cc: Warner Losh, freebsd-audit@FreeBSD.ORG
Subject: Re: The ball starts rolling
In-Reply-To: <19991126230713.C18496@november.jaded.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 26 Nov 1999, Dan Moschuk wrote:

> Absolutely nothing. Last I checked, they used RC4, which is fairly fast and
> efficient for the kernel. However, I'm still debating whether or not it's
> actually _needed_. IMHO, OpenBSD takes some things beyond the point of
> paranoid overkill, but in this scenario I don't think it would hurt either way.

Well, if you're going to do something you might as well do it properly :)
Randomized IDs don't mean much if you can guess them :-)

Kris

----
Just remember, as you celebrate Thanksgiving with your family feasts of
turkey, cranberries, stuffing, gravy, mashed potatoes, squash, corn,
cornbread, apples, pickles, dumplings, fish, orangutans, fruitbats,
breakfast cereals, and so forth, to keep in mind the true reason for the
season: The birth of Santa.

From owner-freebsd-audit Fri Nov 26 20:35:22 1999
Delivered-To: freebsd-audit@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 1CDCA14E41; Fri, 26 Nov 1999 20:35:21 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 101DA1CD734; Fri, 26 Nov 1999 20:35:21 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Fri, 26 Nov 1999 20:35:20 -0800 (PST)
From: Kris Kennaway
To: Dan Moschuk
Cc: freebsd-audit@freebsd.org, Warner Losh
Subject: Re: The ball starts rolling
In-Reply-To: <19991126231403.D18496@november.jaded.net>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Fri, 26 Nov 1999, Dan Moschuk wrote:

> Oh, cool. After further inspection, arc4random() is a library function, not
> specific to the OpenBSD kernel. In that case, there is really no valid reason
> why you can't use either.

It's already in our libc, too (has been for ages) :-)

Kris

----
Just remember, as you celebrate Thanksgiving with your family feasts of
turkey, cranberries, stuffing, gravy, mashed potatoes, squash, corn,
cornbread, apples, pickles, dumplings, fish, orangutans, fruitbats,
breakfast cereals, and so forth, to keep in mind the true reason for the
season: The birth of Santa.

From owner-freebsd-audit Fri Nov 26 20:40:52 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id 6950614DF4; Fri, 26 Nov 1999 20:40:48 -0800 (PST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id VAA22614; Fri, 26 Nov 1999 21:40:47 -0700 (MST) (envelope-from imp@harmony.village.org)
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id VAA47969; Fri, 26 Nov 1999 21:40:40 -0700 (MST)
Message-Id: <199911270440.VAA47969@harmony.village.org>
To: Dan Moschuk
Subject: Re: The ball starts rolling
Cc: freebsd-audit@FreeBSD.ORG
In-reply-to: Your message of "Fri, 26 Nov 1999 23:07:13 EST." <19991126230713.C18496@november.jaded.net>
References: <19991126230713.C18496@november.jaded.net> <19991126224819.A18496@november.jaded.net> <199911270349.UAA47680@harmony.village.org>
Date: Fri, 26 Nov 1999 21:40:40 -0700
From: Warner Losh
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

In message <19991126230713.C18496@november.jaded.net> Dan Moschuk writes:
: Absolutely nothing. Last I checked, they used RC4, which is fairly fast and
: efficient for the kernel. However, I'm still debating whether or not it's
: actually _needed_. IMHO, OpenBSD takes some things beyond the point of
: paranoid overkill, but in this scenario I don't think it would hurt either way.

The theory here is that you don't want someone to be able to predict
the pid, otherwise it is useless to try to do random pids because they
won't be random. In this case I tend to agree...

Warner

From owner-freebsd-audit Fri Nov 26 22:56:56 1999
Delivered-To: freebsd-audit@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id 1BDEC14DD9; Fri, 26 Nov 1999 22:56:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 061F81CD626 for ; Fri, 26 Nov 1999 22:56:42 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Fri, 26 Nov 1999 22:56:42 -0800 (PST)
From: Kris Kennaway
To: audit@freebsd.org
Subject: ctm_rmail holes
Message-ID:
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-862565871-943685802=:86657"
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Send mail to mime@docserver.cac.washington.edu for more info.

--0-862565871-943685802=:86657
Content-Type: TEXT/PLAIN; charset=US-ASCII

There are a couple of buffer overflows in ctm_rmail (part of ctm which
automatically decodes and applies deltas received via email) which look
like they could be exploitable by sending a malformed email. OpenBSD fixed
these, but for some reason Theo backed them out a few months ago during a
sync with our code.

Of course, a larger issue with CTM is that it looks like anyone can insert
their code into your source tree just by sending a delta to you, because
it does no authentication whatsoever of the contents except that it
applies cleanly :-(

The attached patch syncs with the OpenBSD security changes, and I've also
fixed a lock file race, and some command-line buffer overflows which
weren't likely to be security problems. However I can't test this, because
I don't have my machine set up to use CTM.

Comments, anyone?

Kris

----
Just remember, as you celebrate Thanksgiving with your family feasts of
turkey, cranberries, stuffing, gravy, mashed potatoes, squash, corn,
cornbread, apples, pickles, dumplings, fish, orangutans, fruitbats,
breakfast cereals, and so forth, to keep in mind the true reason for the
season: The birth of Santa.
--0-862565871-943685802=:86657
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="foo.p"
Content-Transfer-Encoding: BASE64
Content-ID:
Content-Description:
Content-Disposition: attachment; filename="foo.p"

--0-862565871-943685802=:86657--

From owner-freebsd-audit Sat Nov 27 0:15:51 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from november.jaded.net (november.jaded.net [216.94.113.4]) by hub.freebsd.org (Postfix) with ESMTP id EB15F154A3 for ; Sat, 27 Nov 1999 00:15:48 -0800 (PST) (envelope-from dan@november.jaded.net)
Received: (from dan@localhost) by november.jaded.net (8.9.3/8.9.3+trinsec_nospam) id DAA19729 for freebsd-audit@freebsd.org; Sat, 27 Nov 1999 03:15:48 -0500 (EST)
Date: Sat, 27 Nov 1999 03:15:47 -0500
From: Dan Moschuk
To: freebsd-audit@freebsd.org
Subject: New Random PID patch using arc4 available
Message-ID: <19991127031547.A19711@november.jaded.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.4i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've put another patch online that moves away from random() and uses
arc4random() instead.

http://www.freebsd.org/~dan/arc4random.c
http://www.freebsd.org/~dan/randompid.patch

You'll need to install arc4random.c into /sys/libkern manually (sorry).

Cheers!
--
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not. Do, or do not. There is no try." -- Yoda

From owner-freebsd-audit Sat Nov 27 22:22:32 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from spirit.jaded.net (dialin2899.toronto.globalserve.net [209.90.160.135]) by hub.freebsd.org (Postfix) with ESMTP id B39C315027 for ; Sat, 27 Nov 1999 22:22:15 -0800 (PST) (envelope-from dan@spirit.jaded.net)
Received: (from dan@localhost) by spirit.jaded.net (8.9.3/8.9.3) id BAA24411 for freebsd-audit@freebsd.org; Sun, 28 Nov 1999 01:24:20 -0500 (EST)
Date: Sun, 28 Nov 1999 01:24:20 -0500
From: Dan Moschuk
To: freebsd-audit@freebsd.org
Subject: Last random PID patch before commit
Message-ID: <19991128012420.A48334@spirit.jaded.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Here's the last functionality change before I commit this.

I doubt that using random() to generate the key used to shuffle the ARC4
algorithm is the absolute best way of doing it, but, It Works(tm). The other
option I looked at was read_random(), but I'm not 100% certain that it will
have built up sufficient entropy by the time the code is called (usually at
bootup).

At any rate...

Index: i386/conf/files.i386 =================================================================== RCS file: /home/ncvs/src/sys/i386/conf/files.i386,v retrieving revision 1.281 diff -u -r1.281 files.i386 --- files.i386 1999/11/25 20:45:45 1.281 +++ files.i386 1999/11/28 06:04:52 @@ -373,6 +373,7 @@ isa/syscons_isa.c optional sc isa/vga_isa.c optional vga kern/subr_diskmbr.c standard +libkern/arc4random.c standard libkern/bcd.c standard libkern/divdi3.c standard libkern/index.c standard Index: kern/kern_fork.c =================================================================== RCS file: /home/ncvs/src/sys/kern/kern_fork.c,v retrieving revision 1.69 diff -u -r1.69 kern_fork.c --- kern_fork.c 1999/11/19 21:29:03 1.69 +++ kern_fork.c 1999/11/28 06:05:02 @@ -142,6 +142,9 @@ int nprocs = 1; /* process 0 */ static int nextpid = 0; +static int randompid = 0; +SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RW, &randompid, 0, ""); + int fork1(p1, flags, procp) struct proc *p1; 
@@ -262,8 +265,8 @@ * restart somewhat above 0, as the low-numbered procs * tend to include daemons that don't exit. */ - if (nextpid >= PID_MAX) { - nextpid = 100; + if (nextpid >= PID_MAX || randompid) { + nextpid = (randompid) ? arc4random() % PID_MAX : 100; pidchecked = 0; } if (nextpid >= pidchecked) { Index: libkern/arc4random.c =================================================================== RCS file: arc4random.c diff -N arc4random.c --- /dev/null Sat Nov 27 21:16:45 1999 +++ arc4random.c Sat Nov 27 22:05:05 1999 
@@ -0,0 +1,95 @@ +/*- + * THE BEER-WARE LICENSE + * + * wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you + * think this stuff is worth it, you can buy me a beer in return. + * + * Dan Moschuk + * + * $FreeBSD$ + */ + +#include +#include + +static u_int8_t arc4_i, arc4_j; +static int arc4_initialized = 0; +static u_int8_t arc4_sbox[256]; + +static void arc4_init __P((void)); +static u_int8_t arc4_randbyte __P((void)); +static __inline void arc4_swap __P((u_int8_t *, u_int8_t *)); + +static __inline void +arc4_swap(a, b) + u_int8_t *a; + u_int8_t *b; +{ + u_int8_t c; + + c = *a; + *a = *b; + *b = c; +} + +/* + * Initialize our S-box to its beginning defaults. + */ +static void +arc4_init(void) +{ + struct timespec ts; + u_int8_t key[256]; + int n; + + for (n = 0; n < 256; n++) + arc4_sbox[n] = (u_int8_t) n; + + nanotime(&ts); + srandom(ts.tv_sec ^ ts.tv_nsec); + for (n = 0; n < 256; n++) + key[n] = random() % 256; + + arc4_i = arc4_j = 0; + for (n = 0; n < 256; n++) + { + arc4_j = (arc4_j + arc4_sbox[n] + key[n]); + arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]); + } + arc4_initialized = 1; +} + +/* + * Generate a random byte. + */ +static u_int8_t +arc4_randbyte(void) +{ + u_int8_t arc4_t; + + arc4_i = (arc4_i + 1) % 256; + arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256; + + arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]); + + arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256; + return arc4_sbox[arc4_t]; +} + +u_int32_t +arc4random(void) +{ + u_int32_t ret; + + /* Initialize array if needed. 
*/ + if (!arc4_initialized) + arc4_init(); + + ret = arc4_randbyte(); + ret |= arc4_randbyte() << 8; + ret |= arc4_randbyte() << 16; + ret |= arc4_randbyte() << 24; + + return ret; +} Index: sys/libkern.h =================================================================== RCS file: /home/ncvs/src/sys/sys/libkern.h,v retrieving revision 1.18 diff -u -r1.18 libkern.h --- libkern.h 1999/11/21 04:26:47 1.18 +++ libkern.h 1999/11/28 06:05:29 @@ -61,6 +61,7 @@ static __inline u_long ulmin(u_long a, u_long b) { return (a < b ? a : b); } /* Prototypes for non-quad routines. */ +u_int32_t arc4random __P((void)); int bcmp __P((const void *, const void *, size_t)); #ifndef HAVE_INLINE_FFS int ffs __P((int));

--
Dan Moschuk (TFreak!dan@freebsd.org)
"Cure for global warming: One giant heatsink and dual fans!"
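
Review bot: the files.i386 hunk is the only place libkern/arc4random.c is added to a build, but its caller is in kern/kern_fork.c, which is not i386-specific, so a kernel configured for any other architecture would reference arc4random() without compiling it. Add the same "libkern/arc4random.c standard" line to the files list of every other platform that builds kern_fork.c.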
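
Review bot: in the kern_fork.c hunk at -142, the SYSCTL_INT for randompid passes an empty description string (the final "" argument), so nothing documents what the knob does or which values are meaningful. Give it a one-line description, and since the fork path only tests randompid for non-zero, either say that any non-zero value enables it or restrict it to 0 and 1.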
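
Review bot: in the kern_fork.c hunk at -262, "arc4random() % PID_MAX" can return any value from 0 upward, so with kern.randompid set the search can start inside the low range that the comment directly above says to avoid, while the non-random path still restarts at 100. Offset the result, for example 100 + arc4random() % (PID_MAX - 100). Note also that with randompid set this branch now runs on every fork, so "pidchecked = 0" makes the following "if (nextpid >= pidchecked)" test true each time; the cost of that on a system with many processes should be measured before commit.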
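
Review bot: in arc4_init() of the new arc4random.c, the entire 256-byte key is drawn from random() right after "srandom(ts.tv_sec ^ ts.tv_nsec)", so the ARC4 state, and every PID derived from it, is a function of a single clock-derived seed taken at the first call, and the srandom() call also reseeds random() for every other caller in the kernel. Key the S-box from read_random() when it has data, mix in more than the clock, and re-key periodically instead of only once. In arc4random(), "arc4_randbyte() << 24" shifts a u_int8_t that has been promoted to int into the sign bit; cast each byte to u_int32_t before shifting. The comment above arc4_init() should say that it runs the key schedule, not only that it sets the S-box to its defaults.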