Date: Tue, 16 Sep 2008 20:45:58 +0400
From: Andrey Chernov
To: Max Laier
Cc: freebsd-current@freebsd.org
Subject: Re: Is fork() hook ever possible?
Message-ID: <20080916164558.GA41258@nagual.pp.ru>
In-Reply-To: <200809161827.07627.max@love2party.net>
List-Id: Discussions about the use of FreeBSD-current

On Tue, Sep 16, 2008 at 06:27:07PM +0200, Max Laier wrote:
> On Tuesday 16 September 2008 16:03:20 Andrey Chernov wrote:
> > I need some sort of fork() hook to detect that pid is changed to re-stir
> > arc4random() after that (in the child), simple flag variable with
> > child's pid is needed.
> >
> > Currently OpenBSD does almost that checking getpid() every time
> > arc4random() called, but it is very slow way to use getpid() syscall
> > repeatedly, about 12-15 times slower than just arc4random() without
> > getpid().
> >
> > Any ideas?
>
> I guess the goal here is not to leak the state of the seed to the child,
> right?
>
> Wouldn't it be easier to do something like this in libc's fork():
>
>     arc4random_stir();        /* create a new seed for the child */
>     fork_syscall();
>     if (parent)
>         arc4random_stir();    /* create a new seed for the parent */
>
> This should solve the problem and doesn't require any handling in arc4random.
> Of course, programs that call the fork syscall directly won't benefit, but
> then again ... they are using the syscall directly and should know what they
> are doing, right?

Calling arc4random_stir() inside fork() will slow down fork() and is not
acceptable because of it.

--
http://ache.pp.ru/
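
Added example, not part of the original message and not FreeBSD's or OpenBSD's code: one way to get the flag described in the question is a pthread_atfork() child handler that marks the generator state stale, so the child re-seeds on its next call without a getpid() per call and without stirring inside fork(). The names toy_random, toy_stir and fork_restir_check are hypothetical, and the xorshift step is a placeholder, not a CSPRNG.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical toy generator; only the fork-detection logic is the point. */
static volatile int need_stir = 1;  /* 1 = state not seeded in this process */
static int hook_installed;          /* a real library would use pthread_once */
static unsigned stir_count;         /* how many times this process seeded */
static uint64_t state;

/* Runs in the child only, after fork(): costs one store, no syscall. */
static void child_hook(void) { need_stir = 1; }

static void toy_stir(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&state, sizeof state, 1, f) != 1) abort();
    fclose(f);
    state |= 1;                     /* xorshift must not start at zero */
    stir_count++;
    need_stir = 0;
}

uint32_t toy_random(void) {
    if (!hook_installed) {
        if (pthread_atfork(NULL, NULL, child_hook) != 0) abort();
        hook_installed = 1;
    }
    if (need_stir) toy_stir();      /* plain memory test instead of getpid() */
    state ^= state << 13; state ^= state >> 7; state ^= state << 17;
    return (uint32_t)(state >> 32); /* xorshift64: placeholder, not a CSPRNG */
}

/* Returns 1 if the child re-seeded exactly once and the parent did not. */
int fork_restir_check(void) {
    toy_random();                   /* seed the parent and install the hook */
    unsigned before = stir_count;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: first call must re-seed */
        toy_random(); toy_random();
        _exit(stir_count - before == 1 ? 0 : 1);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    toy_random();                   /* parent keeps its state, no re-seed */
    return WIFEXITED(status) && WEXITSTATUS(status) == 0 && stir_count == before;
}
```

Atfork handlers run only when the process forks through libc's fork(); a program that issues the fork syscall directly bypasses them, the same limitation the quoted proposal notes for itself.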