Voodoo coding
Posted Jul 14, 2014 19:46 UTC (Mon) by wahern (subscriber, #37304)
In reply to: Voodoo coding by cesarb
Parent article: First Release of LibreSSL Portable Available
So sysctl({CTL_KERN, KERN_RANDOM, RANDOM_UUID}) is no longer a viable alternative. The only way to directly access kernel randomness is through an open reference to /dev/urandom or /proc/sys/kernel/random/uuid (the /proc sysctl interface).
That's the crux of the issue. If sysctl was still available then all would be well, other than some bickering over a sysctl versus a dedicated syscall interface.
In short: sysctl(2) is dead for all practical purposes on Linux. Now Linux behaves pretty much like Solaris, which never had sysctl (a later BSD extension). A lack of sysctl is one of the most annoying things about Solaris (although that's a long list).
OS X's arc4random also relies on /dev/urandom, since it copied an early FreeBSD implementation from before FreeBSD added sysctl({CTL_RAND, KERN_ARND}). And it will silently fail if /dev/urandom isn't visible when it initially seeds! And although I've long tried to support systems like OS X, Solaris, and FreeBSD < 10.0 which lacked a kernel entropy syscall, I've always considered them second-class citizens in this regard, and willing to live with a disclaimer about possible issues. But now that Linux is second-class in this regard, it's a much more intolerable situation.
Posted Jul 14, 2014 20:05 UTC (Mon) by alonz (subscriber, #815) (4 responses)
Posted Jul 14, 2014 20:42 UTC (Mon) by wahern (subscriber, #37304) (3 responses)
Nice. I was unaware of that interface, although it doesn't help with forking, etc.
But it looks like Linux finally supports a fork-safe issetugid implementation. Linux was one of the last systems which didn't provide issetugid or a similar interface for detecting whether the current process or (crucially) an ancestor was setuid or setgid. glibc had a hack in its loader for supporting secure_getenv and similar behavior, but it wasn't guaranteed to work in children because it depended on the real and effective IDs being different, which wouldn't be the case if you effectively dropped privileges.
Posted Jul 14, 2014 21:20 UTC (Mon) by wahern (subscriber, #37304) (2 responses)
The BSDs and Solaris implement the correct behavior, as does Linux's new getauxval(AT_SECURE). That is, the status is inherited across fork but not exec.
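Added example (not code from this thread, from LibreSSL, or from any of the systems discussed) showing the inheritance rule just stated on Linux: getauxval(AT_SECURE) is read from the auxiliary vector the kernel filled in at exec, so a forked child reports the same value as its parent with no syscall and no file descriptor, whereas the real-vs-effective id heuristic of the old glibc loader hack stops working the moment a setuid program drops privileges. It assumes Linux with glibc 2.16 or later (sys/auxv.h); the function names are my own.

```c
/* Added example, not code from the thread: AT_SECURE survives fork()
 * (the child sees the parent's value) while the uid != euid heuristic
 * only holds while real and effective ids still differ.
 * Assumes Linux + glibc >= 2.16 for getauxval(). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/auxv.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Kernel's verdict, fixed at exec time: 1 if the image was setuid/setgid
 * or gained capabilities, 0 otherwise. */
int secure_status(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* The loader-era heuristic described above: true only while real and
 * effective ids differ, so it reads 0 after setuid(getuid()). */
int uid_heuristic(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Fork, have the child report its own AT_SECURE through its exit status,
 * and return that value. -1 if fork/wait fails or the child died abnormally. */
int child_secure_status(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(secure_status());   /* auxv is inherited across fork, not re-read */

    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("parent: AT_SECURE=%d uid-heuristic=%d\n",
           secure_status(), uid_heuristic());
    printf("child:  AT_SECURE=%d\n", child_secure_status());
    return 0;
}
```

Run it as an ordinary user and both lines show 0; install the binary setuid and the parent and child both show 1 even after a setuid(getuid()) call, which is the property the Solaris 10 issetugid bug discussed below lacks. After an exec the new image gets a fresh auxv, so the flag is recomputed rather than inherited.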
Posted Jul 15, 2014 16:41 UTC (Tue) by busterb (subscriber, #560) (1 response)
Solaris 10 and 11.0 also apparently have issues with issetugid, though it kind of works (they apparently didn't patch it for 10 because not enough software used it yet?)
http://mcarpenter.org/blog/2013/01/15/solaris-issetugid(2)-bug
Though there are more issues building on Solaris 10 so far, so we haven't crossed that bridge yet.
Posted Jul 15, 2014 16:55 UTC (Tue) by busterb (subscriber, #560)
test: main: issetugid: 1
test: parent: issetugid: 1
test: parent: uid: 1000
test: parent: euid: 0
test: child: issetugid: 0
test: child: uid: 1000
test: child: euid: 0
Posted Jul 14, 2014 20:23 UTC (Mon) by wahern (subscriber, #37304)
By the way—another underutilized source of entropy in Linux programs is the vector returned by getauxval(AT_RANDOM). Sure, it is intended for use by libc (e.g. to produce stack canaries), but when nothing else is available, it can be very valuable.
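Added example (not code from this thread or from LibreSSL) covering both the /dev/urandom problem raised at the top of the thread and the AT_RANDOM suggestion just above: the device read fails loudly instead of silently when /dev/urandom is missing or is not a character device (the planted-file case in a chroot), retries short reads and EINTR, and only then falls back to the 16 bytes the kernel placed in the auxiliary vector at exec, reporting that a weaker source was used. It assumes Linux with glibc 2.16 or later; the function names and return-code convention are my own.

```c
/* Added example, not code from the thread or LibreSSL: read kernel
 * entropy from /dev/urandom without the silent-failure trap, and fall
 * back to the 16 AT_RANDOM bytes only when the device is unreachable.
 * Assumes Linux + glibc >= 2.16 (sys/auxv.h). */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf from /dev/urandom. 0 on success, -1 on any failure (device
 * missing, wrong file type, short read), never a silent zero buffer. */
int read_urandom(unsigned char *buf, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);
    if (fd < 0)
        return -1;

    /* A regular file planted at that path inside a chroot or container
     * must not pass: the real device is a character device. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -1;
    }

    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR)
            continue;
        if (n <= 0) {            /* EOF or error: fail, do not pad */
            close(fd);
            return -1;
        }
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Copy the AT_RANDOM bytes (exactly 16, written by the kernel at exec for
 * libc's stack canary and pointer guard). 0 on success, -1 if the auxv
 * entry is absent or more than 16 bytes were requested. */
int auxv_random(unsigned char *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)getauxval(AT_RANDOM);
    if (p == NULL || len > 16)
        return -1;
    memcpy(buf, p, len);
    return 0;
}

/* Preferred source first. Returns 0 for kernel entropy, 1 when only the
 * per-exec AT_RANDOM bytes were available (treat as a seed, not a
 * stream), -1 when nothing usable exists. */
int get_entropy(unsigned char *buf, size_t len)
{
    if (read_urandom(buf, len) == 0)
        return 0;
    if (auxv_random(buf, len) == 0)
        return 1;
    return -1;
}

/* Sanity helper: detect the all-zero buffer a silent failure would leave. */
int all_zero(const unsigned char *buf, size_t len)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= buf[i];
    return acc == 0;
}

int main(void)
{
    unsigned char key[32];
    int rc = get_entropy(key, sizeof key);
    if (rc < 0) {
        fprintf(stderr, "no entropy source available\n");
        return 1;
    }
    printf("source: %s\n", rc == 0 ? "/dev/urandom" : "AT_RANDOM (seed only)");
    return 0;
}
```

The fstat check is the part most easily forgotten: open() succeeding says nothing about what the path is inside a sandbox. The AT_RANDOM bytes are shared with libc and are the same for the whole lifetime of the process image, so a caller that takes the rc == 1 path should mix them into a PRNG seed rather than hand them out as fresh key material.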
