Message-ID: <20081007014429.GU10357@outflux.net>
Date: Mon, 6 Oct 2008 18:44:29 -0700
From: Kees Cook <kees.cook@...onical.com>
To: Ulrich Drepper <drepper@...hat.com>
Cc: Roland McGrath <roland@...hat.com>,
Andi Kleen <andi@...stfloor.org>, linux-kernel@...r.kernel.org,
Jakub Jelinek <jakub@...hat.com>, libc-alpha@...rceware.org
Subject: Re: [PATCH] ELF: implement AT_RANDOM for future glibc use

On Mon, Oct 06, 2008 at 05:57:48PM -0700, Ulrich Drepper wrote:
> Kees Cook wrote:
> > It sounds like it's not very safe,
>
> Then investigate it.

As was suspected, each int is the same.

> > but on the other hand, glibc doesn't really care?
>
> Of course we care. Especially for SUID and uid==0 binaries.

I meant based on what was said about "if it's as strong as the ASLR
randomness, it's good enough for this". While the ultimate solution
would be to bolt a better PRNG into the kernel, is the following good
enough for now for glibc:

$ ./rands
0x2b 0x06 0xb7 0x53 0x2b 0x06 0xb7 0x53 0x2b 0x06 0xb7 0x53 0x2b 0x06 0xb7 0x53
$ ./rands
0xc2 0xb5 0x42 0xdc 0xc2 0xb5 0x42 0xdc 0xc2 0xb5 0x42 0xdc 0xc2 0xb5 0x42 0xdc
$ ./rands
0x5f 0x39 0xc6 0xc0 0x5f 0x39 0xc6 0xc0 0x5f 0x39 0xc6 0xc0 0x5f 0x39 0xc6 0xc0
$ ./rands
0xfb 0x4a 0x82 0xbd 0xfb 0x4a 0x82 0xbd 0xfb 0x4a 0x82 0xbd 0xfb 0x4a 0x82 0xbd

-Kees
--
Kees Cook
Ubuntu Security Team
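
The repetition in the ./rands output above can be checked mechanically: the 16 bytes are one 4-byte word repeated four times. The C below is an added example, not part of the original message or of the patch; it assumes a current glibc that provides getauxval(), and the names smallest_period and at_random_period and the SAMPLE_DISTINCT values are made up here for illustration.

```c
#include <elf.h>        /* AT_RANDOM */
#include <stddef.h>
#include <stdio.h>
#include <sys/auxv.h>   /* getauxval(); assumes glibc 2.16 or later */

#define AT_RANDOM_LEN 16

/* First ./rands line from the message above. */
static const unsigned char SAMPLE_REPEATED[AT_RANDOM_LEN] = {
    0x2b, 0x06, 0xb7, 0x53, 0x2b, 0x06, 0xb7, 0x53,
    0x2b, 0x06, 0xb7, 0x53, 0x2b, 0x06, 0xb7, 0x53,
};

/* Constructed sample with no repetition, for comparison. */
static const unsigned char SAMPLE_DISTINCT[AT_RANDOM_LEN] = {
    0x10, 0x32, 0x54, 0x76, 0x98, 0xba, 0xdc, 0xfe,
    0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
};

/* Smallest p dividing len such that buf is its first p bytes repeated.
 * Returns len when the buffer does not repeat at all. */
size_t smallest_period(const unsigned char *buf, size_t len)
{
    for (size_t p = 1; p < len; p++) {
        if (len % p != 0)
            continue;
        size_t i = p;
        while (i < len && buf[i] == buf[i - p])
            i++;
        if (i == len)
            return p;
    }
    return len;
}

/* Period of this process's AT_RANDOM bytes, or 0 if the kernel gave none. */
size_t at_random_period(void)
{
    const unsigned char *r = (const unsigned char *)getauxval(AT_RANDOM);
    return r ? smallest_period(r, AT_RANDOM_LEN) : 0;
}

int main(void)
{
    size_t p = at_random_period();
    printf("sample from message: period %zu\n", smallest_period(SAMPLE_REPEATED, AT_RANDOM_LEN));
    printf("constructed sample:  period %zu\n", smallest_period(SAMPLE_DISTINCT, AT_RANDOM_LEN));
    printf("this process:        period %zu\n", p);
    return p == AT_RANDOM_LEN ? 0 : 1;   /* nonzero: fewer than 16 independent bytes */
}
```

A period of 4 means the 16 bytes carry at most 32 bits of unpredictability, which is the concern raised in the thread.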