Date:      Tue, 15 Nov 2011 02:11:03 +0100
From:      Oliver Pinter <oliver.pntr@gmail.com>
To:        Andrey Chernov <ache@freebsd.org>, das@freebsd.org, current@freebsd.org,  secteam@freebsd.org
Subject:   Re: Is fork() hook ever possible?
Message-ID:  <CAPjTQNFSbkiaDUzMh_WYffM9vF1-H3j-FA2FZJfHR-0uJyJ3eQ@mail.gmail.com>
In-Reply-To: <20111115004443.GA50429@vniz.net>
References:  <20080916140319.GA34447@nagual.pp.ru> <20080916201932.GA59781@zim.MIT.EDU> <20111112102241.GA75396@vniz.net> <20111112154135.GA21512@zim.MIT.EDU> <20111112171531.GA83419@vniz.net> <20111114013004.GA53392@zim.MIT.EDU> <20111114192721.GA16834@vniz.net> <20111114205855.GB58790@zim.MIT.EDU> <20111114212926.GA28783@vniz.net> <20111114230855.GA59545@zim.MIT.EDU> <20111115004443.GA50429@vniz.net>

On 11/15/11, Andrey Chernov <ache@freebsd.org> wrote:
> On Mon, Nov 14, 2011 at 06:08:55PM -0500, David Schultz wrote:
>> Not quite.  OpenBSD's implementation is more careful.  I just
>> noticed a funny thing about FreeBSD's KERN_ARND sysctl: If the
>> random device isn't (or can't be) loaded, KERN_ARND silently
>> decides to initialize itself with the output of random().  This
>> means that whatever minuscule amount of entropy it might have
>> picked up from the clock is reduced to a maximum of 31 bits.
>> That's a fantastic way to provide a false sense of security...
>
> I agree.
>
> Let's separate two things: "no /dev/random for jails" and "no random kernel
> module is loaded".
> IMHO the kernel module should _not_ be optional anymore; it solves the
> problem you describe and all similar problems at once.
>
> Adding KERN_ARND to arc4random() at this moment solves the "no /dev/random
> for jails" problem alone and does _not_ pretend to solve the "no random
> kernel module is loaded" problem. When the random kernel module becomes
> non-optional, KERN_ARND automagically makes good security in that place too.
>
> P.S. Do I answer your doubts about &rdat key initialization in my prev.
> posting?

I think it's a much more correct solution than the original patch,
while it initializes the whole structure, not only the key array...
(&rdat.key vs &rdat; and uninitialized pid and tv):

 	fd = _open(RANDOMDEV, O_RDONLY, 0);
 	done = 0;
 	if (fd >= 0) {
-		if (_read(fd, &rdat, KEYSIZE) == KEYSIZE)
+		if (_read(fd, &rdat, sizeof(rdat)) == sizeof(rdat))
 			done = 1;
 		(void)_close(fd);
-	}
+	}
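Review bot: The new condition `_read(fd, &rdat, sizeof(rdat)) == sizeof(rdat)` compares a signed return value (ssize_t) against a size_t. It works, because a -1 error return converted to unsigned cannot equal the struct size, but the intent is easier to check if the result is stored in an ssize_t and compared against `(ssize_t)sizeof(rdat)`. Note also that on a short read `done` stays 0 while part of `rdat` has already been overwritten, so the fallback path outside this hunk should not rely on any field of `rdat` still holding an earlier value. The final `-	}` / `+	}` pair is a whitespace-only change and should be dropped from the patch.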





