Date: Sat, 19 Jul 2014 13:17:36 -0700 From: John-Mark Gurney <jmg@funkthat.com> To: Konstantin Belousov <kostikbel@gmail.com> Cc: freebsd-security@freebsd.org, Steven Chamberlain <steven@pyro.eu.org> Subject: Re: Speed and security of /dev/urandom Message-ID: <20140719201736.GN45513@funkthat.com> In-Reply-To: <20140719192605.GV93733@kib.kiev.ua> References: <53C85F42.1000704@pyro.eu.org> <20140719190348.GM45513@funkthat.com> <20140719192605.GV93733@kib.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Konstantin Belousov wrote this message on Sat, Jul 19, 2014 at 22:26 +0300: > On Sat, Jul 19, 2014 at 12:03:48PM -0700, John-Mark Gurney wrote: > > So, my suggestions: > > 1) Convert arc4random(9) in the kernel to use the random pool as > > /dev/random uses. I vaguely remeber there being an issue w/ > > arc4random(9) being used early in boot before /dev/random is > > initalized which would complicate this change... > > 2) Convert arc4random(3) to use the sysctl, and if the sysctl fails, > > kill the process. > I think that using sysctl for non-management functionality is wrong. > If this feature is for the libraries and applications, and not for > system management and introspection utilities, it should be normal > syscall. Though in the past we've been discouraged from adding new syscalls, why, I don't know... I'm fine w/ this, though we have had the sysctl for over 7 years.. so, using a sysctl will introduce anoying backward compatibility issues, do you call back to the sysctl when the syscall isn't there? how do you make the new code handle old OS's? We can't remove arc4rand since old apps depend upon it... apprently the sysctl was added for SSP: https://svnweb.freebsd.org/changeset/base/169727 > Being syscall, it also solves the issue of backward-compatibility, > i.e. a new code, running on old kernel, get SIGSYS when using > non-existing syscall. If application is so sophisticated that > it want to handle the situation, it can, by installing a signal > handler. Otherwise, it is terminated automatically. Though broken applications (which there are many), could install SIGSYS and ignore it still.. :) broken apps are broken, not handling an error is broken.. yes it's easier w/ SIGSYS, but not perfect... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140719201736.GN45513>