Date: Sun, 28 Nov 1999 01:15:08 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: Dan Moschuk <dan@freebsd.org> Cc: freebsd-audit@freebsd.org Subject: Re: Last random PID patch before commit Message-ID: <Pine.BSF.4.21.9911280042420.89688-100000@hub.freebsd.org> In-Reply-To: <19991128012420.A48334@spirit.jaded.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 28 Nov 1999, Dan Moschuk wrote:
> Here's the last functionality change before I commit this. I doubt that using
> random() to generate the key used to shuffle the ARC4 algorithm is the
> absolute best way of doing it, but, It Works(tm). The other option I looked
> at was read_random(), but I'm not 100% certain that it will have built up
> sufficient entropy by the time the code is called (usually at bootup).
You seed random() using the current time. This is practically a
known quantity, since the system boot time is public
information (you just have to guess the delta until the RNG was
initialised). Using /dev/random seems much better, as you at least have
some entropy (to be certain, you could measure how much is in the pool at
the time the RNG is seeded). I'm not sure why you didn't just use the
existing arc4random.c implementation, which a) seeds both using the time,
and whatever is already in the entropy pool at that point, and b) reseeds
periodically.
> static int nextpid = 0;
>
> +static int randompid = 0;
> +SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RW, &randompid, 0, "");
> +
> int
> fork1(p1, flags, procp)
> struct proc *p1;
> @@ -262,8 +265,8 @@
> * restart somewhat above 0, as the low-numbered procs
> * tend to include daemons that don't exit.
> */
> - if (nextpid >= PID_MAX) {
> - nextpid = 100;
> + if (nextpid >= PID_MAX || randompid) {
> + nextpid = (randompid) ? arc4random() % PID_MAX : 100;
> pidchecked = 0;
> }
You only seem to be randomizing the PIDs in the case when they wrap around
to 0. OpenBSD have an extra conditional in there which forces this to
always be the case.
> Index: libkern/arc4random.c
> ===================================================================
> RCS file: arc4random.c
> diff -N arc4random.c
> --- /dev/null Sat Nov 27 21:16:45 1999
> +++ arc4random.c Sat Nov 27 22:05:05 1999
> @@ -0,0 +1,95 @@
> +/*-
> + * THE BEER-WARE LICENSE
> + *
> + * <dan@FreeBSD.ORG> wrote this file. As long as you retain this notice you
> + * can do whatever you want with this stuff. If we meet some day, and you
> + * think this stuff is worth it, you can buy me a beer in return.
Why not just use the arc4random.c we already have (+ any openbsd changes)
and tweak it, instead of rewriting from scratch? sys/dev/rnd.c in
OpenBSD..
Kris
----
Just remember, as you celebrate Thanksgiving with your family feasts of
turkey, cranberries, stuffing, gravy, mashed potatoes, squash, corn,
cornbread, apples, pickles, dumplings, fish, orangutans, fruitbats,
breakfast cereals, and so forth, to keep in mind the true reason for the
season: The birth of Santa.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9911280042420.89688-100000>