freebsd security - Mar 2017 - arc4random weakness

Steven Chamberlain wrote:
> Please consider switching to ChaCha20 in the long term (kern/182610),
> but right now, at least increase the amount of early keystream that is
> discarded.
Many, many thanks delphij+so for applying the latter change so quickly!

Also it is great to see INHERIT_ZERO was added to mmap(2)!

(It will avoid the overhead of a getpid(2) syscall on every call to
arc4random_buf(3) to determine if reseeding is needed.  That wasn't
guaranteed reliable anyway;  if you have forked twice, then by
chance/manipulation the new pid *could* be the same as the ancestor's).

Thanks!
Regards,
-- 
Steven Chamberlain
steven at pyro.eu.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 648 bytes
Desc: Digital signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170315/831271b3/attachment.sig>

On 15.03.2017 16:06, Steven Chamberlain wrote:
> Also it is great to see INHERIT_ZERO was added to mmap(2)!
It is not so great. For a program which forks very often zeroing even
one page will be slowdown. It will be better and faster to implement it
as fork syscall wrapper setting single variable, as it already done for
threaded lib.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170315/8b52dd77/attachment.sig>