Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 16 Mar 2017 13:48:45 +0100
From:      =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To:        Andrey Chernov <ache@freebsd.org>
Cc:        Steven Chamberlain <steven@pyro.eu.org>, freebsd-security@freebsd.org, freebsd-hackers@freebsd.org
Subject:   Re: arc4random weakness
Message-ID:  <86k27pz8sy.fsf@desk.des.no>
In-Reply-To: <5160183b-9778-59aa-6cf9-118014a588eb@freebsd.org> (Andrey Chernov's message of "Wed, 15 Mar 2017 23:13:26 %2B0300")
References:  <CAD2Ti28acbW%2BpGQR5UihECWvg9WduGmVzkVFug_2ZWRF2zyTBw@mail.gmail.com> <20170313220639.GB65190@pyro.eu.org> <20170315130615.GC25448@pyro.eu.org> <5160183b-9778-59aa-6cf9-118014a588eb@freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Andrey Chernov <ache@freebsd.org> writes:
> Steven Chamberlain <steven@pyro.eu.org> writes:
> > Also it is great to see INHERIT_ZERO was added to mmap(2)!
> It is not so great. For a program which forks very often zeroing even
> one page will be slowdown.

Wouldn't it be possible to just set up the page entry but leave it
unmapped, so that it is paged in (and zeroed if necessary) on first
access?  Thus, a process that uses arc4random() and fork()s would not
incur a penalty until (and unless) the child uses arc4random() too.

> It will be better and faster to implement it as fork syscall wrapper
> setting single variable, as it already done for threaded lib.

fork() and vfork() and pdfork() and...  From a security point of view, I
prefer to have it in a single place.

DES
--=20
Dag-Erling Sm=C3=B8rgrav - des@des.no



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86k27pz8sy.fsf>