From owner-freebsd-current@FreeBSD.ORG Tue Sep 16 17:31:58 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 65DBE1065686 for ; Tue, 16 Sep 2008 17:31:58 +0000 (UTC) (envelope-from deischen@freebsd.org) Received: from mail.netplex.net (mail.netplex.net [204.213.176.10]) by mx1.freebsd.org (Postfix) with ESMTP id 27B688FC16 for ; Tue, 16 Sep 2008 17:31:57 +0000 (UTC) (envelope-from deischen@freebsd.org) Received: from sea.ntplx.net (sea.ntplx.net [204.213.176.11]) by mail.netplex.net (8.14.3/8.14.3/NETPLEX) with ESMTP id m8GHLbNu017387; Tue, 16 Sep 2008 13:21:37 -0400 (EDT) X-Virus-Scanned: by AMaViS and Clam AntiVirus (mail.netplex.net) X-Greylist: Message whitelisted by DRAC access database, not delayed by milter-greylist-4.0 (mail.netplex.net [204.213.176.10]); Tue, 16 Sep 2008 13:21:37 -0400 (EDT) Date: Tue, 16 Sep 2008 13:21:37 -0400 (EDT) From: Daniel Eischen X-X-Sender: eischen@sea.ntplx.net To: Andrey Chernov In-Reply-To: <20080916164558.GA41258@nagual.pp.ru> Message-ID: References: <20080916140319.GA34447@nagual.pp.ru> <200809161827.07627.max@love2party.net> <20080916164558.GA41258@nagual.pp.ru> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: Max Laier , freebsd-current@freebsd.org Subject: Re: Is fork() hook ever possible? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Daniel Eischen List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2008 17:31:58 -0000 On Tue, 16 Sep 2008, Andrey Chernov wrote: > On Tue, Sep 16, 2008 at 06:27:07PM +0200, Max Laier wrote: >> On Tuesday 16 September 2008 16:03:20 Andrey Chernov wrote: >>> I need some sort of fork() hook to detect that pid is changed to re-stir >>> ar4random() after that (in the child), simple flag variable with >>> child's pid is needed. >>> >>> Currently OpenBSD does almost that checking getpid() every time >>> arc4random() called, but it is very slow way to use getpid() syscall >>> repeatedly, about 12-15 times slower than just arc4random() without >>> getpid(). >>> >>> Any ideas? >> >> I guess the goal here is not to leak the state of the seed to the child, >> right? >> >> Wouldn't it be easier to do something like this in libc's fork(): >> >> arc4random_stir(); /* create a new seed for the child */ >> fork_syscall(); >> if (parent) >> arc4random_stir(); /* create a new seed for the parent */ >> >> This should solve the problem and doesn't require any handling in arc4random. >> Of course, programs that call the fork syscall directly won't benefit, but >> then again ... they are using the syscall directly and should know what they >> are doing, right? > > Calling arc4random_stir() inside fork() will slow down fork() and is not > acceptable because of it. Could you add a new interface, arc4random_setstir() or something, to set a flag that indicates a stir should be done at the next opportunity? -- DE