User: Password:
|
|
Subscribe / Log in / New account

getauxval() and the auxiliary vector

getauxval() and the auxiliary vector

Posted Oct 11, 2012 21:20 UTC (Thu) by luto (subscriber, #39314)
Parent article: getauxval() and the auxiliary vector

Can glibc also give me a good random seed? Take AT_RANDOM, use it to seed some simple PRNG, keep the first chunk of output for a stack canary, and give me the rest. (The PRNG could be as simple as using an MGF or some large-output hash. Something like SHA-3 could be used for this purpose, since Keccak can produce any amount of output, sequentially.)

Currently AFAIR glibc zeros AT_RANDOM after using it for its own nefarious purposes.


(Log in to post comments)

getauxval() and the auxiliary vector

Posted Oct 12, 2012 12:03 UTC (Fri) by njwhite (guest, #51848) [Link]

(with apologies for the embarassing levels of ignorance this likely displays)

Could other applications read your auxiliary vector, and hence the seed you're using? Would this then have much effect on the guessability of subsequent random numbers?

getauxval() and the auxiliary vector

Posted Oct 12, 2012 16:44 UTC (Fri) by mina86 (subscriber, #68442) [Link]

I don't think that's a real problem. The random bytes are not available to outside applications (unless they trace it like debuggers or strace do, but in this case, it would be easier to just read the random seed or just overwrite the seed).

getauxval() and the auxiliary vector

Posted Oct 12, 2012 16:42 UTC (Fri) by mina86 (subscriber, #68442) [Link]

With this piece of code: https://gist.github.com/3880154 and glibc 2.11 I'm able to get some value of AT_RANDOM. Checking whether glibc simply leaves it be or it fills it with some other random data is left as an exercise for the reader. ;)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds