From owner-freebsd-current@FreeBSD.ORG Tue Sep 16 19:48:27 2008 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DBCB8106566C for ; Tue, 16 Sep 2008 19:48:27 +0000 (UTC) (envelope-from max@love2party.net) Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.183]) by mx1.freebsd.org (Postfix) with ESMTP id 6B8D08FC22 for ; Tue, 16 Sep 2008 19:48:27 +0000 (UTC) (envelope-from max@love2party.net) Received: from vampire.homelinux.org (dslb-088-066-024-094.pools.arcor-ip.net [88.66.24.94]) by mrelayeu.kundenserver.de (node=mrelayeu8) with ESMTP (Nemesis) id 0ML31I-1KfgXB3goV-0000u4; Tue, 16 Sep 2008 21:48:26 +0200 Received: (qmail 63130 invoked from network); 16 Sep 2008 19:48:24 -0000 Received: from fbsd8.laiers.local (192.168.4.151) by laiers.local with SMTP; 16 Sep 2008 19:48:24 -0000 From: Max Laier Organization: FreeBSD To: freebsd-current@freebsd.org Date: Tue, 16 Sep 2008 21:48:23 +0200 User-Agent: KMail/1.10.1 (FreeBSD/8.0-CURRENT; KDE/4.1.1; i386; ; ) References: <20080916140319.GA34447@nagual.pp.ru> <200809161827.07627.max@love2party.net> <20080916164558.GA41258@nagual.pp.ru> In-Reply-To: <20080916164558.GA41258@nagual.pp.ru> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200809162148.24090.max@love2party.net> X-Provags-ID: V01U2FsdGVkX1+dLT/of9UN9txon4nf4cYtkZXwJG6aK8Ogd9J 4pkZRGI6Uh4ycJO/Z5BRyy7U3HYVcqwdGchKEfikbsC0jBHrfm 05KJCjuK7bF3u0pfg01Yw== Cc: Daniel Eischen , Andrey Chernov Subject: Re: Is fork() hook ever possible? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2008 19:48:27 -0000 On Tuesday 16 September 2008 18:45:58 Andrey Chernov wrote: > On Tue, Sep 16, 2008 at 06:27:07PM +0200, Max Laier wrote: > > On Tuesday 16 September 2008 16:03:20 Andrey Chernov wrote: > > > I need some sort of fork() hook to detect that pid is changed to > > > re-stir ar4random() after that (in the child), simple flag variable > > > with child's pid is needed. > > > > > > Currently OpenBSD does almost that checking getpid() every time > > > arc4random() called, but it is very slow way to use getpid() syscall > > > repeatedly, about 12-15 times slower than just arc4random() without > > > getpid(). > > > > > > Any ideas? > > > > I guess the goal here is not to leak the state of the seed to the child, > > right? > > > > Wouldn't it be easier to do something like this in libc's fork(): > > > > arc4random_stir(); /* create a new seed for the child */ > > fork_syscall(); > > if (parent) > > arc4random_stir(); /* create a new seed for the parent */ > > > > This should solve the problem and doesn't require any handling in > > arc4random. Of course, programs that call the fork syscall directly won't > > benefit, but then again ... they are using the syscall directly and > > should know what they are doing, right? > > Calling arc4random_stir() inside fork() will slow down fork() and is not > acceptable because of it. Slow down here. You haven't answered my question. What exactly is the issue this is supposed to fix? Do we want to prevent a child from knowing what the next few arc4random outputs of its parent will be? Or are we only concerned that the next few arc4random of the parent and child should not be the same? If the former, there is no way around destroying the state of the seed prior to fork. If the latter ... On Tuesday 16 September 2008 19:21:37 Daniel Eischen wrote: > Could you add a new interface, arc4random_setstir() or something, > to set a flag that indicates a stir should be done at the next > opportunity? ... this certainly is the right solution. arc4random() should not care about pids and such - IMHO, of course. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News