Hi,
On 25/07/2022 at 14:39, Florian Weimer wrote:
> * Jason A. Donenfeld via Libc-alpha:
>> (After all, I didn't see any wild-n-crazy fallback
>> to AT_RANDOM like what systemd does with random-util.c:
>> https://github.com/systemd/systemd/blob/main/src/basic/random-util.c )
> I had some patches with AT_RANDOM fallback, including overwriting
> AT_RANDOM with output from the seeded PRNG. It's certainly messy. I
> probably didn't bother to post these patches given how bizarre the whole
> thing was.
It's not that bizarre as I have some patches too: I tried to harden the
way stack_chk_guard and pointer_chk_guard were computed.
Those values are currently generated from slices of AT_RANDOM by the loader.
But I've seen in the wild programs reusing AT_RANDOM, thus possibly
leaking the stack_chk_guard and pointer_chk_guard values.
Having a proper (CS)PRNG in the loader, initialized from AT_RANDOM, that
overwrites AT_RANDOM (with fresh entropy if possible) after
initialization, would improve the situation for programs abusing
AT_RANDOM's purpose.
Regards.
--
Yann Droneaud
OPTEYA
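The leak described above, and the overwrite-after-use fix proposed for it, as an added example that is not part of the thread and not glibc's own code: it models how the two guards are sliced out of the 16 AT_RANDOM bytes (assumption: modelled on glibc's generic _dl_setup_stack_chk_guard and _dl_setup_pointer_guard, on a little-endian host; check sysdeps/generic/dl-osinfo.h for the glibc version and architecture you actually run), shows that any code which reads AT_RANDOM again later can recompute them, and then scrubs the buffer with fresh entropy from getrandom() so later readers learn nothing. The 16-byte sample buffer is constructed for the example; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/auxv.h>
#include <sys/random.h>
#endif

/* The kernel fills 16 bytes at exec time and passes their address as AT_RANDOM. */
#define AT_RANDOM_LEN 16

/* Constructed sample standing in for the kernel-provided bytes. */
static const unsigned char sample_at_random[AT_RANDOM_LEN] = {
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
    0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
};

static int host_is_little_endian(void)
{
    uint16_t probe = 1;
    unsigned char first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Stack guard: the first sizeof(uintptr_t) bytes with the lowest byte cleared,
 * so a string-copy overflow stops at the embedded NUL.  Assumption: this
 * mirrors glibc's little-endian branch; verify against your glibc sources. */
static uintptr_t derive_stack_chk_guard(const unsigned char *at_random)
{
    uintptr_t g;
    memcpy(&g, at_random, sizeof g);
    g &= ~(uintptr_t)0xff;
    return g;
}

/* Pointer guard: the next sizeof(uintptr_t) bytes, used verbatim (assumption as above). */
static uintptr_t derive_pointer_chk_guard(const unsigned char *at_random)
{
    uintptr_t g;
    memcpy(&g, at_random + sizeof g, sizeof g);
    return g;
}

/* The mitigation the mail proposes: once the bytes have been consumed as a
 * seed, overwrite them in place.  Fresh bytes from getrandom() when available
 * (a later reader still gets usable randomness, just not the guards); zeros
 * otherwise, which still hides the guards.  Returns 1 if fresh entropy was
 * written, 0 if the buffer was merely zeroed. */
static int scrub_at_random(unsigned char *at_random, size_t len)
{
    volatile unsigned char *p = at_random;  /* volatile: keep the writes */
    size_t got = 0;
#ifdef __linux__
    ssize_t r = getrandom(at_random, len, 0);
    if (r > 0)
        got = (size_t)r;
#endif
    for (size_t i = got; i < len; i++)
        p[i] = 0;
    return got == len;
}

/* Leak-then-fix demonstration: a second reader recovers both guards from an
 * untouched buffer, but not after scrub_at_random() has run.  Returns 1 on success. */
static int scrub_hides_guards(void)
{
    unsigned char buf[AT_RANDOM_LEN];
    memcpy(buf, sample_at_random, sizeof buf);

    uintptr_t stack_guard_before = derive_stack_chk_guard(buf);
    uintptr_t ptr_guard_before = derive_pointer_chk_guard(buf);

    /* A second read of the same bytes reproduces the guards exactly. */
    if (derive_stack_chk_guard(buf) != stack_guard_before ||
        derive_pointer_chk_guard(buf) != ptr_guard_before)
        return 0;

    scrub_at_random(buf, sizeof buf);

    /* After the overwrite, neither guard can be recomputed from the buffer. */
    return derive_stack_chk_guard(buf) != stack_guard_before &&
           derive_pointer_chk_guard(buf) != ptr_guard_before;
}

int main(void)
{
#ifdef __linux__
    /* Live check: what any code in this process can read back via the auxv. */
    unsigned char *live = (unsigned char *)getauxval(AT_RANDOM);
    if (live != NULL) {
        printf("stack_chk_guard   (modelled) = 0x%lx\n",
               (unsigned long)derive_stack_chk_guard(live));
        printf("pointer_chk_guard (modelled) = 0x%lx\n",
               (unsigned long)derive_pointer_chk_guard(live));
    }
#endif
    printf("scrub hides guards: %s\n", scrub_hides_guards() ? "yes" : "no");
    return 0;
}
```

On x86-64 the modelled stack guard can be compared against the real canary at %fs:0x28; note that scrubbing the live AT_RANDOM in main() after the loader has already consumed it is exactly the cleanup the mail suggests, and it does not change the guards already installed in the TCB.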