This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH v5] ELF: implement AT_RANDOM for glibc PRNG seeding


On Tue, 21 Oct 2008 13:22:18 -0700 Ulrich Drepper <drepper@redhat.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Andrew Morton wrote:
> > I read the above changeloglet and read the above-linked page and it's
> > still 87% unclear to me what this feature does.  Something to do with
> > stack randomisation, apparently.  I suppose I could go do further
> > hunting, but from the quality-of-changelog POV I don't think I should
> > need to do so.
> 
> Not stack randomization.  glibc needs right after startup a bit of
> random data for internal protections (stack canary etc).  What is now in
> upstream glibc is that we always unconditionally open /dev/urandom, read
> some data, and use it.  For every process startup.  That's slow.
> 
> In addition Andi mentioned that this use of /dev/urandom might be
> problematic.  I let him explain this.
> 
> The solution is to provide a limited amount of random data to the
> starting process in the aux vector.  I suggested 16 bytes and this is
> what the patch implements.  If we need only 16 bytes or less we use the
> data directly.  If we need more we'll use the 16 bytes to see a PRNG.
> This avoids the costly /dev/urandom use and it allows the kernel to use
> the most adequate source of random data for this purpose.  It might not
> be the same pool as that for /dev/urandom.
> 

Thanks.

> > It's unclear to me that the random-number issue got sorted out?
> 
> I think the last patch used the normal function to get 16 random bytes,
> equivalent to the data used for stack randomization etc.
> 
> If Andi has concrete proposals for a revamp of the use of entropy in the
> kernel this can be easily done as an add-on.  This patch doesn't make
> the situation worse, it doesn't deplete entropy more than it happens now.
> 

True.

As long as glibc doesn't do the /dev/urandom read when the kenrel has
already done that.  I assume that it will do so, until AT_RANDOM-aware
glibc has propagated out?


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]