svn commit: r238118 - head/lib/libc/gen

Andrey Chernov ache at FreeBSD.ORG
Wed Jul 4 20:32:48 UTC 2012 

On Wed, Jul 04, 2012 at 11:02:20PM +0300, Konstantin Belousov wrote:
> On Wed, Jul 04, 2012 at 07:51:25PM +0000, Pawel Jakub Dawidek wrote:
> > Author: pjd
> > Date: Wed Jul  4 19:51:25 2012
> > New Revision: 238118
> > URL: http://svn.freebsd.org/changeset/base/238118
> > 
> > Log:
> >   Prefer sysctl to open/read/close for obtaining random data.
> >   This method is more sandbox-friendly and also should be faster as only
> >   one syscall is needed instead of three.
> >   In case of an error fall back to the old method.
> >   
> >   Reviewed by:	simon, gleb
> >   MFC after:	2 weeks
> IMO it is weird and against a purpose of sysctl that kern.arand sysctl
> exists at all. I would prefer to not spread its usage more. We have
> to keep it to preserve ABI compatibility, but I do not think that the
> location for random data provider is right, not to mention higher
> overhead of sysctl machinery.

1) /dev/urandom may not exist in jails/sandboxes while sysctls (or old way 
initialization) always exists.
2) Current NetBSD code uses KERN_URND we don't have.
3) Current OpenBSD code uses KERN_ARND as in the change committed.
4) Our KERN_ARND initially is initialized only from from the weak value at 
the boot stage.
5) I already provide two working patches (one with atomic and another 
one without) to bypass issue 4) but they are never committed by person 
who promise to handle them (markm@ CCed) for the reason unknown and I 
can't do it by myself due to stupid secteam@ 5 years old ban.
6) So, current KERN_ARND way gives weak randomness for just started after 
boot programs and should be fixed by either my patches mentioned in 5) or 
by implementing KERN_URND as in NetBSD.
Note that the initial ARND seeding problem does not exist in OpenBSD since 
they use different KERN_ARND implementation.

(besides usage in arc4random code I think KERN_ARND should be fixed in 
anycase)

-- 
http://ache.vniz.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/svn-src-head/attachments/20120704/ed81c237/attachment.pgp

More information about the svn-src-head mailing list