Date: Sun, 28 Nov 1999 13:04:32 -0500
From: Dan Moschuk <dan@freebsd.org>
To: Kris Kennaway <kris@hub.freebsd.org>
Cc: freebsd-audit@freebsd.org
Subject: Re: Last random PID patch before commit
Message-ID: <19991128130432.C33028@november.jaded.net>
In-Reply-To: <Pine.BSF.4.21.9911280042420.89688-100000@hub.freebsd.org>; from Kris Kennaway on Sun, Nov 28, 1999 at 01:15:08AM -0800
References: <19991128012420.A48334@spirit.jaded.net> <Pine.BSF.4.21.9911280042420.89688-100000@hub.freebsd.org>

| You seed random() using the current time. This is practically a
| known quantity, since the system boot time is public
| information (you just have to guess the delta until the RNG was
| initialised). Using /dev/random seems much better, as you at least have
| some entropy (to be certain, you could measure how much is in the pool at
| the time the RNG is seeded). I'm not sure why you didn't just use the
| existing arc4random.c implementation, which a) seeds both using the time,
| and whatever is already in the entropy pool at that point, and b) reseeds
| periodically.
Correct. That's probably not the best way of doing it; however, I'm not
convinced that /dev/random is the best way either. My other idea was to
leave key[256] uninitialized and just use whatever happens to be there.
| > static int nextpid = 0;
| >
| > +static int randompid = 0;
| > +SYSCTL_INT(_kern, OID_AUTO, randompid, CTLFLAG_RW, &randompid, 0, "");
| > +
| > int
| > fork1(p1, flags, procp)
| > struct proc *p1;
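Review bot: the SYSCTL_INT registration for randompid passes an empty description string (the final "" argument), so the new kern.randompid knob carries no documentation. Please add a short description, and since the later hunk only tests randompid for non-zero, say there that it is an on/off switch rather than a value.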
| > @@ -262,8 +265,8 @@
| > * restart somewhat above 0, as the low-numbered procs
| > * tend to include daemons that don't exit.
| > */
| > - if (nextpid >= PID_MAX) {
| > - nextpid = 100;
| > + if (nextpid >= PID_MAX || randompid) {
| > + nextpid = (randompid) ? arc4random() % PID_MAX : 100;
| > pidchecked = 0;
| > }
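Review bot: in the randompid branch, `arc4random() % PID_MAX` can return anything from 0 to PID_MAX - 1, so nextpid can land below the 100 floor that the non-random branch uses and that the comment just above justifies (low-numbered procs tend to be daemons that don't exit). Consider offsetting the result, for example `100 + arc4random() % (PID_MAX - 100)`, and updating the comment to cover the random case. Note also that with randompid set this block now runs on every call, so pidchecked is reset to 0 each time; please confirm that cost is intended.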
|
| You only seem to be randomizing the PIDs in the case when they wrap around
| to 0. OpenBSD have an extra conditional in there which forces this to
| always be the case.
Err. Check that again.
if (nextpid >= PID_MAX *OR* randompid is not zero)
nextpid = 100 if randompid is zero or arc4random() MOD PID_MAX if it
is non zero
| Why not just use the arc4random.c we already have (+ any openbsd changes)
| and tweak it, instead of rewriting from scratch? sys/dev/rnd.c in
| OpenBSD..
A few reasons.
i) At the time, I planned on arc4random.c becoming arc4.c in favour of my
if_vpn that I hope to get around to actually writing. However, it soon
dawned on me that using a stream cipher for an unreliable transmit medium
(ie Internet) is *VERY* stupid (think packet loss).
ii) It's more fun writing it from scratch. :-)
--
Dan Moschuk (TFreak!dan@freebsd.org)
"Try not. Do, or do not. There is no try."
-- Yoda
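
The quoted review's point about seeding from the current time, as an added example that is not part of the original message or the patch: when the seed is the boot time plus a small delta, the seed space is only as large as the delta window. The xorshift32 generator is a stand-in, and the PID_MAX value, boot time and 37-second delta are constructed for the demo.

```c
#include <stdint.h>
#include <stdio.h>

#define PID_MAX 30000           /* assumed for the demo; the patch only names PID_MAX */

/* Stand-in PRNG (xorshift32), not the patch's generator. */
static uint32_t prng_next(uint32_t *state)
{
    uint32_t x = *state;
    x ^= x << 13;
    x ^= x >> 17;
    x ^= x << 5;
    return *state = x;
}

/* Fill out[0..n-1] with the PIDs a generator seeded with `seed` hands out. */
static void pids_from_seed(uint32_t seed, int *out, int n)
{
    uint32_t st = seed ? seed : 1;      /* xorshift state must be non-zero */
    for (int i = 0; i < n; i++)
        out[i] = (int)(prng_next(&st) % PID_MAX);
}

/* Count seeds in [boot, boot + max_delta] that reproduce observed[0..n-1]
 * (n <= 8); the first matching seed is stored in *found. */
static int matching_seeds(uint32_t boot, uint32_t max_delta,
                          const int *observed, int n, uint32_t *found)
{
    int trial[8], matches = 0;
    for (uint32_t d = 0; d <= max_delta; d++) {
        int same = 1;
        pids_from_seed(boot + d, trial, n);
        for (int i = 0; i < n; i++)
            same &= (trial[i] == observed[i]);
        if (same && matches++ == 0)
            *found = boot + d;
    }
    return matches;
}

int main(void)
{
    const uint32_t boot = 943800000u;   /* constructed boot time (public) */
    uint32_t found = 0;
    int obs[4];
    pids_from_seed(boot + 37, obs, 4);  /* RNG initialised 37 s after boot */
    int m = matching_seeds(boot, 600, obs, 4, &found);
    printf("%d candidate seed(s) match; delta = %u s\n", m, (unsigned)(found - boot));
    return 0;
}
```

A ten-minute window leaves only 601 candidate seeds, which is why the review asks for entropy-pool input and periodic reseeding instead of the clock alone.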
