Date: Tue, 16 Sep 2008 21:48:23 +0200 From: Max Laier <max@love2party.net> To: freebsd-current@freebsd.org Cc: Daniel Eischen <deischen@freebsd.org>, Andrey Chernov <ache@nagual.pp.ru> Subject: Re: Is fork() hook ever possible? Message-ID: <200809162148.24090.max@love2party.net> In-Reply-To: <20080916164558.GA41258@nagual.pp.ru> References: <20080916140319.GA34447@nagual.pp.ru> <200809161827.07627.max@love2party.net> <20080916164558.GA41258@nagual.pp.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 16 September 2008 18:45:58 Andrey Chernov wrote: > On Tue, Sep 16, 2008 at 06:27:07PM +0200, Max Laier wrote: > > On Tuesday 16 September 2008 16:03:20 Andrey Chernov wrote: > > > I need some sort of fork() hook to detect that pid is changed to > > > re-stir ar4random() after that (in the child), simple flag variable > > > with child's pid is needed. > > > > > > Currently OpenBSD does almost that checking getpid() every time > > > arc4random() called, but it is very slow way to use getpid() syscall > > > repeatedly, about 12-15 times slower than just arc4random() without > > > getpid(). > > > > > > Any ideas? > > > > I guess the goal here is not to leak the state of the seed to the child, > > right? > > > > Wouldn't it be easier to do something like this in libc's fork(): > > > > arc4random_stir(); /* create a new seed for the child */ > > fork_syscall(); > > if (parent) > > arc4random_stir(); /* create a new seed for the parent */ > > > > This should solve the problem and doesn't require any handling in > > arc4random. Of course, programs that call the fork syscall directly won't > > benefit, but then again ... they are using the syscall directly and > > should know what they are doing, right? > > Calling arc4random_stir() inside fork() will slow down fork() and is not > acceptable because of it. Slow down here. You haven't answered my question. What exactly is the issue this is supposed to fix? Do we want to prevent a child from knowing what the next few arc4random outputs of its parent will be? Or are we only concerned that the next few arc4random of the parent and child should not be the same? If the former, there is no way around destroying the state of the seed prior to fork. If the latter ... On Tuesday 16 September 2008 19:21:37 Daniel Eischen wrote: > Could you add a new interface, arc4random_setstir() or something, > to set a flag that indicates a stir should be done at the next > opportunity? ... this certainly is the right solution. arc4random() should not care about pids and such - IMHO, of course. -- /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809162148.24090.max>