Feature #5805
Status: Closed
want MC_INHERIT_ZERO
% Done: 100%
Difficulty: Medium
Description
As part of the arc4random() suite we need a guaranteed way that we can effectively zero data in a child process. For example, with arc4random() we want to make sure that our child doesn't inherit the PRNG state that we have in the parent. Unfortunately atfork() interfaces are a bad fit for several reasons:
- It is not guaranteed that atfork() will fire from a signal handler
- atfork() handlers do not fire when forkall() is used
While we could try to create a new atfork-like interface that always fired, this ends up having its own series of challenges. This adds a private memcntl interface to allow us to do this. It, importantly, only works on anonymous privately mapped memory, limiting the potential scope and impact in a way that corresponds to the uses of it.
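The behaviour requested above, as an added example that is not part of the original issue or the illumos source: a buffer in an anonymous private mapping is marked zero-on-fork and the child checks what it inherited, with no atfork handler involved. The zero `arg`/`attr`/`mask` arguments to `memcntl` are an assumption, Linux's `MADV_WIPEONFORK` is substituted as an analogue where `MC_INHERIT_ZERO` is not defined, and `STATE_LEN`, `mark_zero_on_fork` and `child_inherits_state` are hypothetical names.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define STATE_LEN 4096  /* constructed stand-in for a PRNG state buffer */

/* Ask the kernel to give a forked child zeroed pages for this range. */
static int mark_zero_on_fork(void *p, size_t len)
{
#if defined(MC_INHERIT_ZERO)    /* illumos; zero arg/attr/mask is assumed */
    return memcntl((caddr_t)p, len, MC_INHERIT_ZERO, 0, 0, 0);
#elif defined(MADV_WIPEONFORK)  /* Linux analogue, not the page's interface */
    return madvise(p, len, MADV_WIPEONFORK);
#else
    (void)p; (void)len;
    return -1;                  /* no zero-on-fork facility on this platform */
#endif
}

/* 1: child saw the parent's bytes, 0: child saw zeros, -1: setup failed. */
int child_inherits_state(int zero_on_fork)
{
    int status = 0, rc = -1;
    unsigned char *st = mmap(NULL, STATE_LEN, PROT_READ | PROT_WRITE,
        MAP_PRIVATE | MAP_ANON, -1, 0);     /* anonymous and private only */
    if (st == MAP_FAILED)
        return -1;
    memset(st, 0xA5, STATE_LEN);            /* constructed "secret" state */
    if (!zero_on_fork || mark_zero_on_fork(st, STATE_LEN) == 0) {
        pid_t pid = fork();                 /* no atfork handler involved */
        if (pid == 0) {
            unsigned char seen = 0;
            for (size_t i = 0; i < STATE_LEN; i++)
                seen |= st[i];              /* nonzero if any state leaked */
            _exit(seen != 0);
        }
        if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
            rc = WEXITSTATUS(status);
    }
    munmap(st, STATE_LEN);
    return rc;
}

int main(void)
{
    printf("plain=%d zero=%d\n", child_inherits_state(0), child_inherits_state(1));
    return 0;
}
```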
Updated by Electric Monk over 7 years ago
- Status changed from New to Closed
- % Done changed from 90 to 100
git commit 9d12795f87b63c2e39e87bff369182edd34677d3
commit 9d12795f87b63c2e39e87bff369182edd34677d3
Author: Robert Mustacchi <rm@joyent.com>
Date: 2015-04-12T23:04:38.000Z

5830 want arc4random(3C) suite
5802 want getentropy(3C)
5803 want getrandom(2)
5804 want explicit_bzero(3C)
5805 want MC_INHERIT_ZERO
5806 uuid_generate can leak its cache in edge conditions
Reviewed by: Jerry Jelinek <jerry.jelinek@joyent.com>
Reviewed by: Joshua M. Clulow <josh@sysmgr.org>
Reviewed by: Josef 'Jeff' Sipek <josef.sipek@nexenta.com>
Reviewed by: Garrett D'Amore <garrett@damore.org>
Approved by: Garrett D'Amore <garrett@damore.org>