Received: by 2002:ac0:e34a:0:0:0:0:0 with SMTP id g10csp722537imn; Tue, 26 Jul 2022 07:39:46 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uMclt5XOtRPn23LkBEWC3w2zPYc2I1pvtRi3rqr5qJ195K8HmU1mrNfJdx7gBh4seuNG84 X-Received: by 2002:a05:6402:48:b0:43a:caa8:756b with SMTP id f8-20020a056402004800b0043acaa8756bmr18308681edu.112.1658846385935; Tue, 26 Jul 2022 07:39:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1658846385; cv=none; d=google.com; s=arc-20160816; b=cWrOiofUUt1+12Jg49TzL6Hcs8Cz385ir+TOUNv81aMa/B2/9cwi+iyJ/YfQQwqxhv e21dvdYKGVmggVJ2G8PtMMOXuTyUJLrepN9oPwxw7YulWpPNWdSNxetsbzdqSlYdFS4Y 2fTxsEo2hyxoXaWRCEFN0KQvv6t6hRwHjFkdcOdiaLoxwURdHEhXvwGJu6bMU1E9pXkP NZ/LuxDGFSHa4E+mPv66QBUU9y+p2HAAp37yhSgbOd+veQo9AUmu5Sa3dan9S390hvmB 50KxIPiIaK3+itUVigNzBiVvspEadnizbavNUuZ1o2kvZd3zWi2BoESHdKc6leIBqU// GNZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=o1k02q53oLSoCGEaLKDATnd3ifXWQARljwdQoJencko=; b=FTPKmPuGU32dXTyyvviBxYtOxgaDRZtz9Y1U1CjztnPlSh1eYpNFchgrQl8Z7ONrTX 6pVKLU6DA1KqESrTCHnMIh2P55mNzYW8qxN/wSc5s0ipIfzINMWPt/s7qtZcAtultkPt Px+79d4kn3uQ8HasYwTRHGRUVRFXbPRBwlYCGLZpOJrwMCHrxUm2rickxJr/cr3vp3Eu BRbaeyfpeizTXMSXPA0kmoj08msWobnaAt743rAL1KV33UXGkbiJTOX/zcSFt5oaxdMD sMVqJoq6Mlm9FjbP5OsJi0AmGi7TXH4t2IPyZ4mXzhw9jqlhiJF2/4wtL1uRdi2/oe6c wbBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ouvaton.org header.s=default header.b=vAC0OGTy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ouvaton.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c2-20020a170906154200b007262b3cd387si13714034ejd.421.2022.07.26.07.39.18; Tue, 26 Jul 2022 07:39:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ouvaton.org header.s=default header.b=vAC0OGTy; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=ouvaton.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233379AbiGZOdm (ORCPT + 99 others); Tue, 26 Jul 2022 10:33:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43312 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239346AbiGZOdl (ORCPT ); Tue, 26 Jul 2022 10:33:41 -0400 X-Greylist: delayed 369 seconds by postgrey-1.37 at lindbergh.monkeyblade.net; Tue, 26 Jul 2022 07:33:37 PDT Received: from ouvsmtp1.octopuce.fr (ouvsmtp1.octopuce.fr [194.36.166.50]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 54A4E2DAA7 for ; Tue, 26 Jul 2022 07:33:37 -0700 (PDT) Received: from panel.vitry.ouvaton.coop (unknown [194.36.166.20]) by ouvsmtp1.octopuce.fr (Postfix) with ESMTPS id 69556AC4; Tue, 26 Jul 2022 16:27:26 +0200 (CEST) Received: from [192.168.0.20] (unknown [83.159.33.34]) by panel.vitry.ouvaton.coop (Postfix) with ESMTPSA id B1A7B5E26E6; Tue, 26 Jul 2022 16:27:25 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ouvaton.org; s=default; t=1658845646; bh=o1k02q53oLSoCGEaLKDATnd3ifXWQARljwdQoJencko=; l=1119; h=Subject:To:From; b=vAC0OGTyEJ9ckqmM0XJHgk2uadAwxS0mdpjrzhL9CC+hrWE8r8fDzY7rhgefJFFAE GAPywuIjCrgaUMQJY9RBYyHExTdD2VWcRRscEHqdihxLxxvK4W3UjEVbQP6X8SjJCU B8PZtIV2T7lRkNpmgbwwkfdoM1VmKqHeWuqL8zGo= Message-ID: Date: Tue, 26 Jul 2022 16:27:25 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.11.0 Subject: Overwrittting AT_RANDOM after use (was Re: arc4random - are you sure we want these?) Content-Language: fr-FR To: Florian Weimer , "Jason A. Donenfeld via Libc-alpha" Cc: "Jason A. Donenfeld" , Yann Droneaud , Michael@phoronix.com, linux-crypto@vger.kernel.org, jann@thejh.net, dalias@libc.org References: <87bktdsdrk.fsf@oldenburg.str.redhat.com> <87v8rlqscj.fsf@oldenburg.str.redhat.com> From: Yann Droneaud In-Reply-To: <87v8rlqscj.fsf@oldenburg.str.redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hi, Le 25/07/2022 à 14:39, Florian Weimer a écrit : > * Jason A. Donenfeld via Libc-alpha: >> (After all, I didn't see any wild-n-crazy fallback >> to AT_RANDOM like what systemd does with random-util.c: >> https://github.com/systemd/systemd/blob/main/src/basic/random-util.c ) > I had some patches with AT_RANDOM fallback, including overwriting > AT_RANDOM with output from the seeded PRNG. It's certainly messy. I > probably didn't bother to post these patches given how bizarre the whole > thing was. It's not that bizarre as I have some patches too: I tried to harden the way stack_chk_guard and pointer_chk_guard were computed. Those values are currently generated from slices of AT_RANDOM by the loader. But I've seen in the wild program reusing AT_RANDOM, thus possibily leaking stack_chk_guard and pointer_chk_guard values. Having a proper (CS)PRNG in the loader, initialized from AT_RANDOM, that overwrites AT_RANDOM (with fresh entropy if possible) after initialization, would improve programs abusing AT_RANDOM purpose. Regards. -- Yann Droneaud OPTEYA