Open daurnimator opened 9 years ago
On linux, I wonder if the process specific keyring (see keys.txt) could help...
On Thu, May 28, 2015 at 06:36:37PM -0700, daurnimator wrote:
> On linux, I wonder if the process specific keyring (see keys.txt) could help...
pthread_atfork can be used as the baseline.
The key ring capability looks useful. There are no glibc bindings so would need to use syscall.
OpenBSD has a cleaner feature: minherit + MAP_INHERIT_ZERO. Whenever a fork occurs the specified pages are automatically zeroed out. They added the flag for use in their arc4random implementation.
> The key ring capability looks useful. There are no glibc bindings so would need to use syscall.
I created a POC: https://gist.github.com/daurnimator/dfdbaef3c255bdc11531 and a blog post to accompany
The functions are in keyutils.h, you don't need to use the syscall directly
^^ This code is currently used to ensure that a forked process will generate different random numbers.
A determined attacker could use pid overflow/wrapping to get the same random number generated more than once.
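Added example, not code from this thread or from the project: a minimal C sketch of the `pthread_atfork` baseline mentioned above, kept next to the pid comparison so both signals can be seen separately. The names `rng_mark_seeded`, `rng_fork_status` and `fork_status_seen_by_child` are hypothetical, and the RNG itself is left out.

```c
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define FORK_SEEN_BY_COUNTER 1  /* pthread_atfork child handler ran */
#define FORK_SEEN_BY_PID     2  /* getpid() differs from the seeding pid */

static volatile uint64_t fork_generation;  /* bumped in every forked child */
static uint64_t seeded_generation;         /* generation the state was seeded in */
static pid_t seeded_pid;                   /* pid the state was seeded in */
static int handler_installed;

static void on_fork_child(void) { fork_generation++; }

/* Hypothetical hook: call right after the RNG state has been (re)seeded. */
int rng_mark_seeded(void) {
    if (!handler_installed) {
        if (pthread_atfork(NULL, NULL, on_fork_child) != 0) return -1;
        handler_installed = 1;
    }
    seeded_generation = fork_generation;
    seeded_pid = getpid();
    return 0;
}

/* Bitmask of the checks that say "reseed before use"; 0 means the state is ours. */
int rng_fork_status(void) {
    int s = 0;
    if (fork_generation != seeded_generation) s |= FORK_SEEN_BY_COUNTER;
    if (getpid() != seeded_pid) s |= FORK_SEEN_BY_PID;  /* can miss after pid reuse */
    return s;
}

/* Forks once and returns what the child observed, or -1 on error. */
int fork_status_seen_by_child(void) {
    if (rng_mark_seeded() != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(rng_fork_status());  /* child reports via exit status */
    int st;
    if (waitpid(pid, &st, 0) != pid || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st);
}

int main(void) {
    int child = fork_status_seen_by_child();
    printf("child=%d parent=%d\n", child, rng_fork_status());
    return 0;
}
```

The counter does not depend on pid values, so it still fires when a descendant ends up with the seeding pid again. Handlers registered with `pthread_atfork` are not run for processes created with a raw `clone` syscall, so the counter is a baseline rather than a complete answer.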
Related links: