From: Brahmanand Reddy
Date: Wed, 17 Jan 2018 19:50:59 +0530
Subject: Re: Need FreeBSD-SA-00:52(TCP uses weak initial sequence numbers) latest patch
To: Peter Jeremy
Cc: freebsd-security@freebsd.org

Hi Peter,

My last question on this: recently "Replaced the kernel RC4(arc4random) with Chacha20" on 11.0 kernel, should we apply on 10.4 kernel?

Please find the corresponding review and fix:
https://reviews.freebsd.org/D10048 and
https://reviews.freebsd.org/rS317015

Thanks in advance,
Brahma

On Fri, Jan 12, 2018 at 1:11 PM, Peter Jeremy wrote:

> On 2018-Jan-12 12:33:21 +0530, Brahmanand Reddy wrote:
> >TCP uses weak initial sequence numbers
> >https://www.freebsd.org/security/advisories/FreeBSD-SA-00%3A52.tcp-iss.asc
>
> As has been pointed out to you several times in this thread, that SA is
> nearly 20 years old and there is no evidence that TCP on any recent FreeBSD
> uses weak ISNs.
>
> >actually "arc4random()" will take care on
> >https://github.com/freebsd/freebsd/blob/master/sys/netinet/tcp_subr.c#L2374
>
> Without studying the code in detail, that code appears to correctly use
> arc4random() to initialise the ISN - which is as expected.
>
> >I suspecting 10.4 already having fix... but I didn't found on exactly
> >which this problem from https://www.freebsd.org/security/patches/
>
> Well, the original patch is
> https://www.freebsd.org/security/patches/SA-00%3A52/ and was committed
> as what is now https://svnweb.freebsd.org/base?view=revision&revision=66433
> Since that patch is integrated into the FreeBSD codebase, there's no need
> to update the contents of https://www.freebsd.org/security/patches/SA-00%3A52/
> and it is not relevant to the current codebase.
>
> >I would like expecting where is the fix in 10.4 kernel.
>
> That code was re-written in r82122, retaining the use of arc4random() for
> ISN initialisation. As a result, it's no longer possible to point at
> specific code and say "that code fixes weak TCP ISNs".
>
> --
> Peter Jeremy