PRNG not fork-safe on FreeBSD #17
Comments
You need to take this up with FreeBSD - If arc4random is provided by the OS
In a nutshell, our policy is generally
On Wed, Jul 16, 2014 at 2:27 PM, jiixyj notifications@github.com wrote:
.. and to put it into context, I don't know of any piece of software in our
On Wed, Jul 16, 2014 at 2:32 PM, Bob Beck beck@obtuse.com wrote:
Just a bit of trivia that I think may need to be taken into account: OpenBSD 5.5's arc4random() call actually uses ChaCha20 and not {,A}RC4. As far as I know, Linux and other BSDs' arc4random() functions have not caught up with this.
That little point is not important for that discussion. The fix would be
On Wed, Jul 16, 2014 at 2:59 PM, Jan notifications@github.com wrote:
Thanks for your quick response. Sadly, all implementations of arc4random that I've looked at (except OpenBSD's) are not 100% fork safe. OS X's arc4random apparently is so bad that LibreSSL uses getentropy_osx.c instead.
I'm not sure what the best solution is. All of them place some burden on the user. But then again, I agree that the example from the article may be a bit contrived. I just fear it might be somehow exploitable.
Sorry guys, we have to draw the line at what are supposed to be safe primitives. If your operating system provides getentropy() or arc4random() they should be equivalent to the reference implementation (on OpenBSD). If they have flaws, this is a bug in your operating system, not in LibreSSL. Failing that we make fixing the operating system our problem - which as we have seen already drags out the fun types who prefer to report bugs through yellow journalism than any other way. Going forward we want to have less compatibility layer in here, not more.
Hi,
LibreSSL uses the arc4random function directly on FreeBSD. The implementations of arc4random on FreeBSD and possibly other systems, such as NetBSD and DragonFly BSD, suffer from the PID wraparound issue described here: https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux.
I'm not sure how to implement a stir-less API on FreeBSD that can properly deal with forking. There does not seem to be anything like MAP_INHERIT_ZERO. There is "pthread_atfork(NULL, NULL, arc4random_stir)", but that is only available when using pthreads.
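The two fork-detection strategies contrasted in this issue, as an added C example (not code from LibreSSL or FreeBSD): a `getpid()` comparison, the kind of check a PID wraparound can defeat, next to a `pthread_atfork` child handler that bumps a generation counter. All names are hypothetical, no real generator is implemented, and PID reuse is modeled by overwriting the recorded PID in the child rather than by actually wrapping the PID space.

```c
#include <pthread.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical bookkeeping for a userland PRNG; only fork detection is shown. */
static pid_t seeded_pid;      /* PID recorded at the last seed (getpid() check) */
static unsigned fork_gen;     /* incremented in every child by the atfork handler */
static unsigned seeded_gen;   /* value of fork_gen at the last seed */
static int handler_installed;

static void on_fork_child(void) { fork_gen++; }

/* Record "seeded now" for both detectors; install the child handler once. */
static void prng_mark_seeded(void) {
    if (!handler_installed)
        handler_installed = (pthread_atfork(NULL, NULL, on_fork_child) == 0);
    seeded_pid = getpid();
    seeded_gen = fork_gen;
}

/* Detector 1: PID comparison. Silent when the recorded PID has been reused. */
static int stale_by_pid(void) { return getpid() != seeded_pid; }
/* Detector 2: generation counter, independent of PID values. */
static int stale_by_gen(void) { return fork_gen != seeded_gen; }

/*
 * Fork once and return the child's verdict as a bitmask: bit 0 = PID check
 * fired, bit 1 = atfork check fired; -1 on error. With pid_reused set, the
 * child overwrites seeded_pid with its own PID (constructed stand-in for a
 * descendant that was handed the seeding process's PID after wraparound).
 */
int detect_in_child(int pid_reused) {
    int status;
    prng_mark_seeded();
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (pid_reused) seeded_pid = getpid();
        _exit(stale_by_pid() | (stale_by_gen() << 1));
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("normal fork: %d\n", detect_in_child(0));
    printf("PID reused:  %d\n", detect_in_child(1));
    return 0;
}
```

A PRNG built this way would reseed whenever either detector fires; the handler only runs for forks that go through `fork()`, so a process created by a raw system call bypasses it.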