As part of the arc4random() suite we need a guaranteed way that we can effectively zero data in a child process. For example, with arc4random() we want to make sure that our child doesn't inherit the PRNG state that we have in the parent. Unfortunately, atfork() interfaces are a bad fit for several reasons:
- It is not guaranteed that atfork() will fire from a signal handler
- atfork() handlers do not fire when forkall() is used
While we could try to create a new atfork-like interface that always fired, this ends up having its own series of challenges. This adds a private memcntl interface to allow us to do this. It, importantly, only works on anonymous privately mapped memory, limiting the potential scope and impact in a way that corresponds to the uses of it.
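The following is an added example, not code from this issue or from the illumos tree, showing the fork-inheritance problem the description is about and how an inherit-zero mark on an anonymous private mapping fixes it. On illumos it calls memcntl(2) with MC_INHERIT_ZERO; the madvise(MADV_WIPEONFORK) and minherit() branches for Linux and the BSDs are assumed equivalents added here so the example runs elsewhere and are not part of this change. The page of "PRNG state" is a constructed stand-in (a non-zero byte pattern), not real arc4random state.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>

#ifndef MAP_ANON
#define MAP_ANON MAP_ANONYMOUS
#endif

#define STATE_LEN 4096   /* one page standing in for the PRNG state */

/* Ask the kernel to give the child zero-filled pages for [p, p+len) on fork.
 * Only anonymous private mappings qualify, which is exactly what a PRNG
 * state buffer should be. Returns 0 on success, -1 with errno set. */
static int mark_inherit_zero(void *p, size_t len)
{
#if defined(__sun) && defined(MC_INHERIT_ZERO)
    /* illumos: the interface this issue adds. */
    return memcntl((caddr_t)p, len, MC_INHERIT_ZERO, (caddr_t)0, 0, 0);
#elif defined(__linux__)
    /* Assumed equivalent (Linux >= 4.14); value from the uapi headers. */
#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18
#endif
    return madvise(p, len, MADV_WIPEONFORK);
#elif defined(__FreeBSD__)
    return minherit(p, len, INHERIT_ZERO);      /* assumed equivalent */
#elif defined(__OpenBSD__)
    return minherit(p, len, MAP_INHERIT_ZERO);  /* assumed equivalent */
#else
    errno = ENOSYS;
    return -1;
#endif
}

/* Fill a page with constructed non-zero "state", optionally mark it
 * inherit-zero, fork, and report what the child observes.
 * Returns 1 if the child saw every byte zeroed, 0 if it inherited the
 * parent's state, -1 on mmap/mark/fork/wait failure (errno preserved). */
int child_sees_zero(int mark)
{
    unsigned char *state = mmap(NULL, STATE_LEN, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANON, -1, 0);
    if (state == MAP_FAILED)
        return -1;

    /* 0xA5 has bit 7 set and (i & 0x7f) does not, so no byte is ever zero. */
    for (size_t i = 0; i < STATE_LEN; i++)
        state[i] = (unsigned char)(0xA5 ^ (i & 0x7f));

    if (mark && mark_inherit_zero(state, STATE_LEN) != 0) {
        int e = errno;
        munmap(state, STATE_LEN);
        errno = e;
        return -1;
    }

    pid_t pid = fork();
    if (pid < 0) {
        int e = errno;
        munmap(state, STATE_LEN);
        errno = e;
        return -1;
    }
    if (pid == 0) {
        /* Child: the exit status carries the verdict (0 = all zero). */
        for (size_t i = 0; i < STATE_LEN; i++)
            if (state[i] != 0)
                _exit(1);
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0) {
        int e = errno;
        munmap(state, STATE_LEN);
        errno = e;
        return -1;
    }

    /* The mark must not touch the parent's own copy. */
    int parent_intact = state[0] == 0xA5 &&
                        state[STATE_LEN - 1] == (unsigned char)(0xA5 ^ 0x7f);
    munmap(state, STATE_LEN);
    if (!parent_intact || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

int main(void)
{
    int plain = child_sees_zero(0);
    int marked = child_sees_zero(1);
    printf("unmarked mapping: child zeroed=%d\n", plain);
    if (marked < 0)
        printf("inherit-zero mark failed: %s\n", strerror(errno));
    else
        printf("inherit-zero mapping: child zeroed=%d\n", marked);
    return marked == 1 && plain == 0 ? 0 : 1;
}
```

The contrast between the two runs is the point: an unmarked private page is copy-on-write and the child reads the parent's state unchanged, whereas the marked page arrives in the child already zeroed, with no atfork handler involved, so forkall() and forks from signal handlers are covered too. A real consumer would treat all-zero state as "reseed before use".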
Updated by Electric Monk about 7 years ago
- Status changed from New to Closed
- % Done changed from 90 to 100
commit 9d12795f87b63c2e39e87bff369182edd34677d3
Author: Robert Mustacchi <email@example.com>
Date:   2015-04-12T23:04:38.000Z

    5830 want arc4random(3C) suite
    5802 want getentropy(3C)
    5803 want getrandom(2)
    5804 want explicit_bzero(3C)
    5805 want MC_INHERIT_ZERO
    5806 uuid_generate can leak its cache in edge conditions
    Reviewed by: Jerry Jelinek <firstname.lastname@example.org>
    Reviewed by: Joshua M. Clulow <email@example.com>
    Reviewed by: Josef 'Jeff' Sipek <firstname.lastname@example.org>
    Reviewed by: Garrett D'Amore <email@example.com>
    Approved by: Garrett D'Amore <firstname.lastname@example.org>