From nobody Sat Aug 24 13:53:45 2024 X-Original-To: bugs@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WrdhB2Yktz5T9DB for ; Sat, 24 Aug 2024 13:53:46 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4Wrdh96hwcz41Wd for ; Sat, 24 Aug 2024 13:53:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1724507625; a=rsa-sha256; cv=none; b=w3/ikafeVocwRe3dG8YqsJrO0P/8LD+5mpaI/vUuvStfn0u0IWYHjYS1xAeay+kQr7L9bl D4bI46mT+BXyZuUsCIUTx0IgOwTy397GouxV3jgMQ2lWZz/G+1o2JNFmKVWx8I6Vzj7dEm LevJAOQrautSKVhEdqEo7WgpBobJTK+7kkcJne+/dVDq9Sm9yHfQh40rDmDbxIUqsgZR4H faotf1JAFS52OykvEAcgE1RkccYj322NV/SM2jz4tJtPmlsV+52Kg8igQlkuImh1rGk1xx 4DS+qo2wjc1grHtlFBIMcZJ3MYR8pmOOvgQvmjc/fsQiQRjVhSP+XnRqU5QgnQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1724507625; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=n1vJEeuEycTJPwhfGSF1LdtcqcU8Jk44MTX0YmsXoG8=; b=Mio1POXeHyEZaaL/i0kYDakBWfWEfTwrzzI4jRqLrmr3Lgldm3342hkHwzmw9AlESD3aFh Xv2V/3r9yabm4vTTXquPdxcPVUwFzKntir85oI4Zsq3hhdHXCONOXYkuMPOP1bpHjECd3d xpKGC/FAzVx5xG0wluC1SVgOglWoaqvpHxWDKlcAQhis6MZxJXUVxMe5s8n+NIDmR2rDhB 7OJrW8ujGMGDsmkBsoy/XRojVhuyHo72Sk/EcrlQLY1f/Cy0Vs2aip1wth1y3O+EnhSbRT h53Fj+Jnlo6a5uKrfTDXY71btByc2pttEzvsR7BaN/z2Ze58iy1bkzWU08THYg== Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4Wrdh96KL7zxTL for ; Sat, 24 Aug 2024 13:53:45 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 47ODrjCO004477 for ; Sat, 24 Aug 2024 13:53:45 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 47ODrj65004476 for bugs@FreeBSD.org; Sat, 24 Aug 2024 13:53:45 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 281032] arc4random does not protect against VM forks Date: Sat, 24 Aug 2024 13:53:45 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: kern X-Bugzilla-Version: Unspecified X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: jonas.boettiger@icloud.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: bugs@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated List-Id: Bug reports List-Archive: https://lists.freebsd.org/archives/freebsd-bugs List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-bugs@FreeBSD.org MIME-Version: 1.0 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D281032 Bug ID: 281032 Summary: arc4random does not protect against VM forks Product: Base System Version: Unspecified Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: jonas.boettiger@icloud.com Hi everyone! I'm a maintainer of the Rust standard library. Our API team has decided to include facilities for randomness into the standard library, in particular giving access to the system's secure random number generator[1]. The idea h= ere is to make cryptographic strength the default to ensure security even when = our users don't make the best decisions. As obviously this API will be used by = some even when cryptographic strength isn't really needed =E2=80=93 and even if = it is =E2=80=93, we'd like to choose the fastest API available on the system that still has = the required properties.=20 For this, given that it resides in userspace, arc4random_buf(3) seems to be= the ideal candidate, leading me to implement this new API on top of it on BSD-l= ike platforms[2]. Unfortunately, I've discovered that it does not reseed on VM fork, making it considerably less secure than the getrandom(2) syscall and = the associated kernel RNG system which incorporates the VM generation ID into t= he entropy pool upon receiving the respective ACPI signal and thereby ensures = that the random data returned will be different across VMs cloned from the same snapshot. As far as I could tell, the new Fenestras X RNG already includes a mechanis= m to reseed arc4random by updating a generation counter in the vDSO whenever necessary, but I could not confirm that this happens immediately on VM fork. Regardless, the default Fortuna RNG definitely does not do so, thus weakeni= ng the strength of arc4random_buf(3). I think this would be fixed by arc4random unconditionally checking a kernel entropy pool generation counter and immediately updating it in the kernel u= pon VM fork, or by forwarding arc4random to getrandom and adding a vDSO version= of it like Linux did recently. All the best, Jonas Links: [1]: https://github.com/rust-lang/libs-team/issues/393 [2]: https://github.com/rust-lang/rust/pull/129201 --=20 You are receiving this mail because: You are the assignee for the bug.=