search for: wipeonfork

Hi! > Cryptographic libraries carry pseudo random number generators to > quickly provide randomness when needed. If such a random pool gets > cloned, secrets may get revealed, as the same random number may get > used multiple times. For fork, this was fixed using the WIPEONFORK > madvise flag [1]. > Unfortunately, the same problem surfaces when a virtual machine gets > cloned. The existing flag does not help there. This patch introduces a > new flag to automatically clear memory contents on VM suspend/resume, > which will allow random number generators to...

Hi! > Cryptographic libraries carry pseudo random number generators to > quickly provide randomness when needed. If such a random pool gets > cloned, secrets may get revealed, as the same random number may get > used multiple times. For fork, this was fixed using the WIPEONFORK > madvise flag [1]. > Unfortunately, the same problem surfaces when a virtual machine gets > cloned. The existing flag does not help there. This patch introduces a > new flag to automatically clear memory contents on VM suspend/resume, > which will allow random number generators to...

...is a clear source of the signal IIUC > > (migration) and there are consumers to act upon that (e.g. crypto > > backends). So what does really prevent to use a standard signal delivery > > over fd for this usecase? > > I wasn't part of the discussions on why things like WIPEONFORK were invented > instead of just using signalling mechanisms, but the main reason I can think > of are libraries. Well, I would argue that WIPEONFORK is conceptually different. It is one time initialization mechanism with a very clear life time semantic. So any programming model is really as...

...te: > > Cryptographic libraries carry pseudo random number generators to > > quickly provide randomness when needed. If such a random pool gets > > cloned, secrets may get revealed, as the same random number may get > > used multiple times. For fork, this was fixed using the WIPEONFORK > > madvise flag [1]. > > > Unfortunately, the same problem surfaces when a virtual machine gets > > cloned. The existing flag does not help there. This patch introduces a > > new flag to automatically clear memory contents on VM suspend/resume, > > which will allow...

...t amazon.com> wrote: > Cryptographic libraries carry pseudo random number generators to > quickly provide randomness when needed. If such a random pool gets > cloned, secrets may get revealed, as the same random number may get > used multiple times. For fork, this was fixed using the WIPEONFORK > madvise flag [1]. > > Unfortunately, the same problem surfaces when a virtual machine gets > cloned. The existing flag does not help there. This patch introduces a > new flag to automatically clear memory contents on VM suspend/resume, > which will allow random number generators...