Is fork() hook ever possible?
max at love2party.net
Tue Sep 16 19:48:27 UTC 2008
On Tuesday 16 September 2008 18:45:58 Andrey Chernov wrote:
> On Tue, Sep 16, 2008 at 06:27:07PM +0200, Max Laier wrote:
> > On Tuesday 16 September 2008 16:03:20 Andrey Chernov wrote:
> > > I need some sort of fork() hook to detect that pid is changed to
> > > re-stir arc4random() after that (in the child), simple flag variable
> > > with child's pid is needed.
> > >
> > > Currently OpenBSD does almost that checking getpid() every time
> > > arc4random() is called, but it is a very slow way to use getpid() syscall
> > > repeatedly, about 12-15 times slower than just arc4random() without
> > > getpid().
> > >
> > > Any ideas?
> > I guess the goal here is not to leak the state of the seed to the child,
> > right?
> > Wouldn't it be easier to do something like this in libc's fork():
> >
> >     arc4random_stir(); /* create a new seed for the child */
> >     fork_syscall();
> >     if (parent)
> >         arc4random_stir(); /* create a new seed for the parent */
> >
> > This should solve the problem and doesn't require any handling in
> > arc4random. Of course, programs that call the fork syscall directly won't
> > benefit, but then again ... they are using the syscall directly and
> > should know what they are doing, right?
> Calling arc4random_stir() inside fork() will slow down fork() and is not
> acceptable because of it.
Slow down here. You haven't answered my question. What exactly is the issue
this is supposed to fix? Do we want to prevent a child from knowing what the
next few arc4random outputs of its parent will be? Or are we only concerned
that the next few arc4random of the parent and child should not be the same?
If the former, there is no way around destroying the state of the seed prior
If the latter ...
On Tuesday 16 September 2008 19:21:37 Daniel Eischen wrote:
> Could you add a new interface, arc4random_setstir() or something,
> to set a flag that indicates a stir should be done at the next
... this certainly is the right solution. arc4random() should not care about
pids and such - IMHO, of course.
/"\ Best regards, | mlaier at freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier at EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
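
The "set a flag, stir at the next call" idea discussed above, as an added example that is not code from this thread or from FreeBSD libc: a `pthread_atfork()` child handler is one way to set such a flag, so the generator pays a memory load per call instead of a `getpid()` syscall. The `demo_*` names, the toy xorshift generator standing in for arc4random, and the `/dev/urandom` reseed are assumptions for illustration, and the code is single-threaded.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static uint64_t state;        /* toy xorshift64 state standing in for the RC4 state */
static int need_stir = 1;     /* tested on every call: a memory load, no syscall */
static int hook_enabled = 1, hook_installed;  /* hook_enabled: demo switch only */
static void child_after_fork(void) { if (hook_enabled) need_stir = 1; }

static void demo_stir(void) { /* reseed from the kernel; xorshift needs a nonzero seed */
    FILE *f = fopen("/dev/urandom", "rb");
    if (f == NULL || fread(&state, sizeof state, 1, f) != 1 || state == 0) abort();
    fclose(f);
    need_stir = 0;
}

uint32_t demo_random(void) { /* registers the handler once; libc fork() runs it in each child */
    if (!hook_installed && pthread_atfork(NULL, NULL, child_after_fork) != 0) abort();
    hook_installed = 1;
    if (need_stir) demo_stir();
    state ^= state << 13; state ^= state >> 7; state ^= state << 17;
    return (uint32_t)(state >> 32);
}

int fork_outputs_differ(int use_hook) { /* 1 = differ, 0 = identical, -1 = error */
    int fd[2];
    hook_enabled = use_hook;
    (void)demo_random();                        /* seed before forking */
    pid_t pid = (pipe(fd) == 0) ? fork() : -1;
    if (pid < 0) return -1;
    if (pid == 0) {                             /* child: send its first output back */
        uint32_t v = demo_random();
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    uint32_t mine = demo_random(), theirs = 0;
    int ok = read(fd[0], &theirs, sizeof theirs) == (ssize_t)sizeof theirs;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return ok ? (mine != theirs) : -1;
}

int main(void) {
    int off = fork_outputs_differ(0), on = fork_outputs_differ(1);
    printf("outputs differ after fork: hook off=%d, hook on=%d\n", off, on);
    return (off == 0 && on == 1) ? 0 : 1;
}
```

This covers only the second concern raised in the message (parent and child producing the same outputs); the child still inherits a copy of the parent's pre-fork state in memory. As with the libc `fork()` wrapper idea, the handler does not run for a program that invokes the fork syscall directly.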