From: Jeremie Le Hen
To: freebsd-hackers@FreeBSD.org
Date: Fri, 8 Jul 2005 17:35:06 +0200
Subject: ProPolice: best way to fill canary
Message-ID: <20050708153506.GM39292@obiwan.tataz.chchile.org>

Hello hackers,

I'm going to disturb you once again with ProPolice.

The original ProPolice patch, as well as most of the FreeBSD variants and the Linux one, uses /dev/urandom to fill the "canary" with random data (the canary is what is put between the buffer and the return address on the stack). OTOH, OpenBSD uses the kern.arnd sysctl to achieve this (this is a sysctl front-end to the arc4random() function). I don't really see the pros and cons between the two methods, so I'd like to taste your opinions.

Note that the first method (opening /dev/urandom) requires patching the open(2) wrapper from libpthread and libthr (cognet@ did this for me), in order to initialize _thr_initial, because the SSP constructor is called quite early. The second method requires introducing the kern.arnd sysctl (KERN_ARND). FYI, note that NetBSD has kern.urandom (KERN_URND) and they define KERN_ARND to be an alias to this.

Your comments will be welcome.

Best regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
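As an added illustration of what the /dev/urandom approach discussed in the mail has to get right at constructor time, here is a small C program (example code written for this page, not the ProPolice patch, the FreeBSD libc or any of the variants mentioned). All `demo_` names are hypothetical. It seeds a process-wide guard from /dev/urandom before main() runs, handles short reads, falls back to the classic terminator canary pattern (NUL, LF, 0xff, CR) mixed with cheap per-process values when the device is unavailable, and zeroes the guard's low byte so that NUL-terminated string copies cannot reproduce it; the last two are the libssp and glibc design choices respectively, reproduced here as assumptions about what a practitioner would want rather than as anything the mail states.

```c
/* Added example, not from the original mail: an SSP-style guard setup
 * seeded from /dev/urandom in a constructor. All demo_ names are
 * hypothetical. Build: cc -Wall -o canary canary.c && ./canary */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Process-wide guard. A compiler-inserted prologue would copy this into
 * each protected frame; the epilogue compares the copy before returning. */
static uintptr_t demo_guard;

/* Read exactly len bytes, retrying on EINTR and short reads.
 * Returns 0 on success, -1 on error or EOF. */
static int demo_read_full(int fd, void *buf, size_t len)
{
    unsigned char *p = buf;
    while (len > 0) {
        ssize_t n = read(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0)
            return -1;              /* EOF on a random device: treat as failure */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Fill *out (and the process guard) with a canary value.
 * Returns 1 if /dev/urandom supplied it, 0 if the weak fallback was used. */
int demo_fill_canary(uintptr_t *out)
{
    static unsigned fallback_calls;     /* keeps successive fallbacks distinct */
    uintptr_t g = 0;
    int from_urandom = 0;
    int fd = open("/dev/urandom", O_RDONLY);

    if (fd >= 0) {
        if (demo_read_full(fd, &g, sizeof g) == 0 && g != 0)
            from_urandom = 1;
        close(fd);
    }
    if (!from_urandom) {
        /* Fallback: terminator canary (0x000aff0d) mixed with cheap
         * per-process values. It stops NUL/LF-terminated copy overflows
         * but is guessable, so a real runtime should log or refuse here. */
        g = (uintptr_t)0x000aff0dUL;
        g ^= (uintptr_t)time(NULL);
        g ^= (uintptr_t)getpid() << 12;
        g ^= (uintptr_t)++fallback_calls << 8;
    }
    /* Zero the lowest byte: strcpy()-style overflows cannot write past a
     * NUL, so they cannot reconstruct the canary's first byte. */
    g &= ~(uintptr_t)0xff;
    if (g == 0)
        g = (uintptr_t)0x000aff00UL;    /* never leave an all-zero guard */

    *out = g;
    demo_guard = g;
    return from_urandom;
}

/* Runs before main(), like the SSP constructor the mail describes: any
 * open()/read() wrapper the libc interposes must already work at this point. */
__attribute__((constructor)) static void demo_guard_setup(void)
{
    uintptr_t g;
    if (!demo_fill_canary(&g))
        fprintf(stderr, "warning: guard seeded from weak fallback\n");
}

/* The epilogue check the compiler would emit: returns 1 if the copy saved
 * in the frame still matches the process guard, 0 if it was overwritten. */
int demo_check_canary(uintptr_t saved_in_frame)
{
    return saved_in_frame == demo_guard;
}

int main(void)
{
    uintptr_t g;
    int src = demo_fill_canary(&g);
    printf("guard=0x%0*lx source=%s low_byte_zero=%d\n",
           (int)(sizeof g * 2), (unsigned long)g,
           src ? "/dev/urandom" : "fallback", (g & 0xff) == 0);
    return 0;
}
```

The test below asserts on two consecutive seedings: each returns a source code of 0 or 1, produces a non-zero guard with a zero low byte, the two guards differ, and the epilogue check accepts the current guard while rejecting a modified copy.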