[PATCH] Use arc4random() to permutate talloc_magic number
abartlet at samba.org
Wed Feb 14 03:51:02 UTC 2018
On Wed, 2018-02-14 at 03:59 +0100, Timur I. Bakeyev via samba-technical
> I've noticed that talloc testsuite fails on FreeBSD cause talloc_magic is
> always a predictable number, derived from the function address of the
> loaded library, which is unfortunately always the same(contrary to OpenBSD,
> for example). The existing talloc code uses Linux/glibc specific calls to
> obtaining random bytes to permutate talloc_magic. *BSD has their own set of
> arc4* functions that can provide cryptographically applicable PRNG.
> So, this small patch adds support for the usage of arc4random() to obtain
> random talloc_magic signature per invocation.
The problem I have with this being the default is that unlike on *BSD
arc4random on in libbsd relies on the recent getentropy() stuff or goes
back to /dev/urandom.
Now, you don't link against libbsd intentionally, but I can see that
I chose the getauxval() because we don't want the library constructor
for talloc looking to open files.
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
More information about the samba-technical