| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20081007003119.GS10357@outflux.net> Date: Mon, 6 Oct 2008 17:31:19 -0700 From: Kees Cook <kees.cook@...onical.com> To: Roland McGrath <roland@...hat.com> Cc: Andi Kleen <andi@...stfloor.org>, linux-kernel@...r.kernel.org, Jakub Jelinek <jakub@...hat.com>, Ulrich Drepper <drepper@...hat.com>, libc-alpha@...rceware.org Subject: Re: [PATCH] ELF: implement AT_RANDOM for future glibc use On Mon, Oct 06, 2008 at 04:58:27PM -0700, Roland McGrath wrote: > What mmap randomization and stack randomization actually use is > get_random_int(), not get_random_bytes(). This is one of those weaker > flavors seeded occasionally from the real entropy pool. (As is, it's not a > good choice for getting 16 bytes of random at once, since it usually > returns the same 4 bytes each time when called 4 times in quick succession.) > > What glibc wants is some bits with a strength of randomness chosen by the > kernel, and not to worry about the details. I think the strength applied > to mmap and stack randomization is good enough for AT_RANDOM. Is this email a vote for or against doing: + k_rand_bytes[0] = get_random_int(); + k_rand_bytes[1] = get_random_int(); + k_rand_bytes[2] = get_random_int(); + k_rand_bytes[3] = get_random_int(); It sounds like it's not very safe, but on the other hand, glibc doesn't really care? -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists