#

On Sat, Jul 19, 2014 at 11:53:50PM +0300, Konstantin Belousov wrote: > On Sat, Jul 19, 2014 at 09:47:12PM +0100, Steven Chamberlain wrote: > > On 19/07/14 20:26, Konstantin Belousov wrote: > > > I think that using sysctl for non-management functionality is wrong. > > > If this feature is for the libraries and applications, and not for > > > system management and introspection utilities, it should be normal > > > syscall. > > > > If this is only to seed the arc4random in userland (with ~256 bytes or > > so), it would be just like OpenBSD getentropy(2)? > > > > Just yesterday, something very similar is proposed for Linux, called > > getrandom(2): > > http://lists.openwall.net/linux-kernel/2014/07/18/329 > > We, in fact, do not use sysctl for seeding SSP canary. Kernel puts > random bytes on stack, and libc fetches them. But it is 64 bytes for > 64-bit platforms, 32 bytes for 32-bit. > > Yes, the interface of the getrandom(2) from the link above looks > reasonable. The big question is, indeed, about its supposed use > models. For one-time seeding of RNG with fixed amount of bytes, > the ELF aux vector mechanism is much less intrusive and faster. I believe the idea here is to have reliable source for reseeding after fork. -- Mateusz Guzik <mjguzik gmail.com> _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"