This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] ELF: implement AT_RANDOM for future glibc use

From: Kees Cook <kees dot cook at canonical dot com>
To: Roland McGrath <roland at redhat dot com>
Cc: Andi Kleen <andi at firstfloor dot org>, linux-kernel at vger dot kernel dot org, Jakub Jelinek <jakub at redhat dot com>, Ulrich Drepper <drepper at redhat dot com>, libc-alpha at sourceware dot org
Date: Mon, 6 Oct 2008 17:31:19 -0700
Subject: Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
References: <48E3EFD6.2010704@redhat.com> <20081001215657.GH12527@outflux.net> <20081001220948.GC32107@sunsite.ms.mff.cuni.cz> <20081001222706.68E7E1544B4@magilla.localdomain> <20081003001616.GN10632@outflux.net> <87ej2untze.fsf@basil.nowhere.org> <20081006175038.GF10357@outflux.net> <20081006192641.GI3180@one.firstfloor.org> <20081006220759.GM10357@outflux.net> <20081006235827.59306154271@magilla.localdomain>

On Mon, Oct 06, 2008 at 04:58:27PM -0700, Roland McGrath wrote:
> What mmap randomization and stack randomization actually use is
> get_random_int(), not get_random_bytes().  This is one of those weaker
> flavors seeded occasionally from the real entropy pool.  (As is, it's not a
> good choice for getting 16 bytes of random at once, since it usually
> returns the same 4 bytes each time when called 4 times in quick succession.)
> 
> What glibc wants is some bits with a strength of randomness chosen by the
> kernel, and not to worry about the details.  I think the strength applied
> to mmap and stack randomization is good enough for AT_RANDOM.

Is this email a vote for or against doing:

+       k_rand_bytes[0] = get_random_int();
+       k_rand_bytes[1] = get_random_int();
+       k_rand_bytes[2] = get_random_int();
+       k_rand_bytes[3] = get_random_int();

It sounds like it's not very safe, but on the other hand, glibc doesn't
really care?

-- 
Kees Cook
Ubuntu Security Team

Follow-Ups:
- Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Ulrich Drepper

References:
- Re: randomized stack protector value
  - From: Ulrich Drepper
- Re: randomized stack protector value
  - From: Kees Cook
- Re: randomized stack protector value
  - From: Jakub Jelinek
- Re: randomized stack protector value
  - From: Roland McGrath
- [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Kees Cook
- Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Andi Kleen
- Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Kees Cook
- Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Andi Kleen
- Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Kees Cook
- Re: [PATCH] ELF: implement AT_RANDOM for future glibc use
  - From: Roland McGrath

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]