ProPolice: best way to fill canary

Sam Leffler sam at
Sat Jul 9 17:15:01 GMT 2005

Jeremie Le Hen wrote:
> Hi Mike,
> On Fri, Jul 08, 2005 at 07:22:13PM -0500, Mike Silbersack wrote:
>>On Fri, 8 Jul 2005, Jeremie Le Hen wrote:
>>>The second method requires to introduce the kern.arnd sysctl
>>>(KERN_ARND).  FYI, note that NetBSD has kern.urandom (KERN_URND) and
>>>they define KERN_ARND to be an alias to this.
>>I don't see any problem with introducing such a sysctl, if it would make 
>>the propolice patch simpler.
> Thanks for you answer.  In that case, which sysctl should we use ?
> 	* OpenBSD's kern.arnd (KERN_ARND) which is a front-end to
> 	  the arc4random() function ?
> 	* NetBSD's kern.urandom (KERN_URND) which is using the rnd(4)
> 	  pseudo-device.  They also have KERN_ARND in sysctl.h, which
> 	  is no more than a #define of KERN_URND, for compatibility
> 	  with OpenBSD.
> Usually, I noticed that FreeBSD used to be as close as possible with
> NetBSD.  But I would like to hear the voice of a more experienced
> hacker about this.

I asked a certain person to add the obsd sysctl long ago but it never 


More information about the freebsd-hackers mailing list