lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 8 Jun 2007 11:07:16 -0700 (PDT) From: Davide Libenzi <davidel@...ilserver.org> To: Theodore Tso <tytso@....edu> cc: Ulrich Drepper <drepper@...hat.com>, Eric Dumazet <dada1@...mosbay.com>, Kyle Moffett <mrmacman_g4@....com>, Alan Cox <alan@...rguk.ukuu.org.uk>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org>, Ingo Molnar <mingo@...e.hu> Subject: Re: [patch 7/8] fdmap v2 - implement sys_socket2 On Fri, 8 Jun 2007, Theodore Tso wrote: > On Thu, Jun 07, 2007 at 03:40:14PM -0700, Davide Libenzi wrote: > > Yes. Files with the CLOFORK and CLOEXEC flag do not count for fork and > > exec copies. > > I was also planning on doing it in __put_unused_fd(), every time > > fmap->count goes to zero. But get_random_int() is not as cheap as I > > thought. If we use a cheaper (although less secure) function to mix pid & > > jiffies, we could do it even in there. > > Um, how cheap do you need it? get_random_int() is actually pretty > cheep, since it was designed to be usable by the networking stack for > sequence numbers for TCP packets; and it's not like sys_close() or > sys_open() is a majorly critical path, is it? If the concern is > increasing the potential hold time, I suppose you could have the > exactly two callers of __put_unused_fd() (sys_close() and > put_unused_fd()) call get_random_int() before grabbing the > current->files->file_lock spinlock, I'm actually using get_random_int() in the slow path (fmap creation time). It does a few things get_random_int(), and one of those is an MD4 transform. This does not need to be super secure (the Unix allocator has been exactly predicatble for years), so maybe a cheaper combination of the previous base (generated with get_random_int) together with jiffies and pid is enough. I really would not want to put something like an MD4 transform in that path. - Davide - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists