[PATCH] Use arc4random() to permutate talloc_magic number

Wed Feb 14 06:06:07 UTC 2018

On Wed, Feb 14, 2018 at 04:51:02PM +1300, Andrew Bartlett via samba-technical wrote:
> On Wed, 2018-02-14 at 03:59 +0100, Timur I. Bakeyev via samba-technical 
> wrote:
> > Hi!
> > 
> > I've noticed that talloc testsuite fails on FreeBSD cause talloc_magic is
> > always a predictable number, derived from the function address of the
> > loaded library, which is unfortunately always the same(contrary to OpenBSD,
> > for example). The existing talloc code uses Linux/glibc specific calls to
> > obtaining random bytes to permutate talloc_magic. *BSD has their own set of
> > arc4*  functions that can provide cryptographically applicable PRNG.
> > 
> > So, this small patch adds support for the usage of arc4random() to obtain
> > random talloc_magic signature per invocation.
> 
> The problem I have with this being the default is that unlike on *BSD
> arc4random on in libbsd relies on the recent getentropy() stuff or goes
> back to /dev/urandom.  
> 
> Now, you don't link against libbsd intentionally, but I can see that
> happening. 
> 
> I chose the getauxval() because we don't want the library constructor
> for talloc looking to open files.

Correct. And if we go there even for talloc, we must abstract
lib/util/genrand.c in a way that it's usable even for the talloc
library initialization. genrand.c is really small enough to be the one
and only place to do the #ifdef-magic for the different flavors of
urandom these days. It might be some library magic necessary, but I
*really* don't want this in more than one file.

Volker

-- 
Besuchen Sie die verinice.XP 2018 in Berlin,
Anwenderkonferenz für Informationssicherheit
vom 21.-23.03.2018 im Sofitel Kurfürstendamm
Info & Anmeldung hier: http://veriniceXP.org

SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de