Date: Tue, 16 Sep 2008 13:21:37 -0400 (EDT)
From: Daniel Eischen <deischen@freebsd.org>
To: Andrey Chernov <ache@nagual.pp.ru>
Cc: Max Laier <max@love2party.net>, freebsd-current@freebsd.org
Subject: Re: Is fork() hook ever possible?
Message-ID: <Pine.GSO.4.64.0809161319270.9211@sea.ntplx.net>
In-Reply-To: <20080916164558.GA41258@nagual.pp.ru>
References: <20080916140319.GA34447@nagual.pp.ru> <200809161827.07627.max@love2party.net> <20080916164558.GA41258@nagual.pp.ru>

On Tue, 16 Sep 2008, Andrey Chernov wrote:

> On Tue, Sep 16, 2008 at 06:27:07PM +0200, Max Laier wrote:
>> On Tuesday 16 September 2008 16:03:20 Andrey Chernov wrote:
>>> I need some sort of fork() hook to detect that pid is changed to re-stir
>>> arc4random() after that (in the child), simple flag variable with
>>> child's pid is needed.
>>>
>>> Currently OpenBSD does almost that checking getpid() every time
>>> arc4random() called, but it is very slow way to use getpid() syscall
>>> repeatedly, about 12-15 times slower than just arc4random() without
>>> getpid().
>>>
>>> Any ideas?
>>
>> I guess the goal here is not to leak the state of the seed to the child,
>> right?
>>
>> Wouldn't it be easier to do something like this in libc's fork():
>>
>> arc4random_stir(); /* create a new seed for the child */
>> fork_syscall();
>> if (parent)
>>     arc4random_stir(); /* create a new seed for the parent */
>>
>> This should solve the problem and doesn't require any handling in arc4random.
>> Of course, programs that call the fork syscall directly won't benefit, but
>> then again ... they are using the syscall directly and should know what they
>> are doing, right?
>
> Calling arc4random_stir() inside fork() will slow down fork() and is not
> acceptable because of it.

Could you add a new interface, arc4random_setstir() or something,
to set a flag that indicates a stir should be done at the next
opportunity?

-- 
DE
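
Added illustration, not code from this thread or from FreeBSD libc: the deferred-stir flag discussed above can be set from a pthread_atfork() child handler, so fork() itself pays only for one store and the reseed happens on first use in the child. The names demo_setstir, demo_stir and demo_random are hypothetical, and a toy splitmix64 generator seeded from /dev/urandom stands in for arc4random.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static uint64_t rng_state;            /* toy state standing in for the arc4 state */
static volatile int stir_pending = 1; /* 1: stir before producing the next output */
static int hook_installed;            /* single-threaded demo, so no locking */
/* Hypothetical flag setter in the spirit of the proposed arc4random_setstir(). */
void demo_setstir(void) { stir_pending = 1; }

static void demo_stir(void)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&rng_state, sizeof rng_state, 1, f) != 1)
        abort();                      /* fail closed: never run on inherited state */
    fclose(f);
    stir_pending = 0;
}

uint64_t demo_random(void)
{
    if (!hook_installed) hook_installed = !pthread_atfork(NULL, NULL, demo_setstir);
    if (stir_pending) demo_stir();    /* deferred cost: paid on first use after fork */
    uint64_t z = (rng_state += 0x9e3779b97f4a7c15ULL);  /* splitmix64 step */
    z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
    z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
    return z ^ (z >> 31);
}

/* Fork once: 1 if parent and child draw different values, 0 if equal, -1 on error. */
int demo_fork_outputs_differ(void)
{
    int fd[2];
    uint64_t mine, theirs = 0;
    demo_random();                    /* seed and install the hook before forking */
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {                   /* child: flag was set by the atfork handler */
        theirs = demo_random();
        _exit(write(fd[1], &theirs, sizeof theirs) == (ssize_t)sizeof theirs ? 0 : 1);
    }
    close(fd[1]);
    mine = demo_random();             /* parent continues from the pre-fork state */
    ssize_t n = pid > 0 ? read(fd[0], &theirs, sizeof theirs) : -1;
    close(fd[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return n == (ssize_t)sizeof theirs ? mine != theirs : -1;
}
```

Without the handler, parent and child would compute the same next value from the copied state. As the quoted discussion notes, a program that invokes the fork syscall directly bypasses libc-level hooks, so the flag would never be set in that case.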