On Tue, Sep 16, 2008 at 04:19:32PM -0400, David Schultz wrote: > secteam_at_ already agreed to the idea of solving the fork problem as > in OpenBSD over a month ago. On Wed, Sep 17, 2008 at 12:50:25PM +0400, Andrey Chernov wrote: > I agree with your patch (BTW you can remove unneded #define RANDOMDEV). The question remains: why you don't commit this patch all that 3 years, having secteam_at_ and mine agreements too?
> --- /usr/ob/src/lib/libc/crypt/arc4random.c 2008-06-03 20:50:23.000000000 -0400
> +++ arc4random.c 2008-08-16 15:14:59.000000000 -0400
> _at__at_ -34,21 +34,22 _at__at_
> * RC4 is a registered trademark of RSA Laboratories.
> */
>
> +#include <sys/cdefs.h>
> +__FBSDID("$FreeBSD: head/lib/libc/gen/arc4random.c 181261 2008-08-03 20:15:22Z ache $");
> +
> +#include "namespace.h"
> #include <fcntl.h>
> #include <limits.h>
> #include <stdlib.h>
> #include <unistd.h>
> +#include <pthread.h>
> #include <sys/types.h>
> #include <sys/param.h>
> #include <sys/time.h>
> #include <sys/sysctl.h>
> -#include "thread_private.h"
>
> -#ifdef __GNUC__
> -#define inline __inline
> -#else /* !__GNUC__ */
> -#define inline
> -#endif /* !__GNUC__ */
> +#include "libc_private.h"
> +#include "un-namespace.h"
>
> struct arc4_stream {
> u_int8_t i;
> _at__at_ -56,6 +57,21 _at__at_
> u_int8_t s[256];
> };
>
> +static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
> +
> +#define RANDOMDEV "/dev/urandom"
> +#define _ARC4_LOCK() \
> + do { \
> + if (__isthreaded) \
> + _pthread_mutex_lock(&arc4random_mtx); \
> + } while (0)
> +
> +#define _ARC4_UNLOCK() \
> + do { \
> + if (__isthreaded) \
> + _pthread_mutex_unlock(&arc4random_mtx); \
> + } while (0)
> +
> static int rs_initialized;
> static struct arc4_stream rs;
> static pid_t arc4_stir_pid;
> _at__at_ -114,9 +130,9 _at__at_
>
> /*
> * Discard early keystream, as per recommendations in:
> - * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
> + * "(Not So) Random Shuffles of RC4" by Ilya Mironov.
> */
> - for (i = 0; i < 256; i++)
> + for (i = 0; i < 1024; i++)
> (void)arc4_getbyte();
> arc4_count = 1600000;
> }
> _at__at_ -135,6 +151,7 _at__at_
> return (rs.s[(si + sj) & 0xff]);
> }
>
> +#if 0
> u_int8_t
> __arc4_getbyte(void)
> {
> _at__at_ -147,6 +164,7 _at__at_
> _ARC4_UNLOCK();
> return val;
> }
> +#endif
>
> static inline u_int32_t
> arc4_getword(void)
-- http://ache.vniz.net/Received on Sat Nov 12 2011 - 09:34:27 UTC
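Review bot: In the hunk at -56,6 +57,21, the new static `arc4random_mtx` is copied into the child on fork() along with `rs`, and nothing visible resets it. The `arc4_stir_pid` context line suggests the keystream is re-stirred in the child, but if another thread holds the mutex at fork time the child's first locked call could block forever. Whether an atfork-style handler elsewhere covers this cannot be seen from the hunk. The macros also discard the return value of `_pthread_mutex_lock()`. I would add a comment above the mutex stating what it guards and how it behaves across fork, for example `/* Serializes access to rs and the stir bookkeeping when __isthreaded; state after fork(): <describe> */`, if that is the intent.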
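Review bot: The discard loop in the hunk at -114,9 +130,9 uses a bare `1024`, and the rewritten comment names Mironov's paper without saying which of its recommendations the figure follows. As I recall, that paper gives 512 bytes as a minimum and 3072 as its conservative figure, so a reader cannot tell whether 1024 was a deliberate trade-off. I would name the constant and state the reasoning, e.g. `#define ARC4_DISCARD 1024 /* early keystream bytes dropped after keying */` with `for (i = 0; i < ARC4_DISCARD; i++)`. The same applies to `arc4_count = 1600000`, which presumably sets how much output is produced before the next stir. The enclosing function starts outside the hunk.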
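Review bot: `__arc4_getbyte()` is compiled out with `#if 0` / `#endif` (hunks at -135,6 +151,7 and -147,6 +164,7) with no comment saying why. Disabled code in a libc random-number routine tends to be revived or copied later without review. Either delete the function outright or put the reason on the guard, e.g. `#if 0 /* not exported by this libc; kept only for diffing against upstream */`, with the wording confirmed by the author. Both hunks cut through the function, so the rest of its body is not visible here.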