[uClibc 0000885]: arc4random in mktemp
bugs at busybox.net
bugs at busybox.net
Wed Jun 20 03:10:29 UTC 2007
A NOTE has been added to this issue.
======================================================================
http://busybox.net/bugs/view.php?id=885
======================================================================
Reported By: ashes
Assigned To: uClibc
======================================================================
Project: uClibc
Issue ID: 885
Category: Security
Reproducibility: N/A
Severity: feature
Priority: normal
Status: assigned
======================================================================
Date Submitted: 05-29-2006 02:58 PDT
Last Modified: 06-19-2007 20:10 PDT
======================================================================
Summary: arc4random in mktemp
Description:
I have attached a patch to configure mktemp(3) to use the arc4random
function. While I was at it I fixed some of the SSP grammar.
======================================================================
----------------------------------------------------------------------
ashes - 06-05-06 21:44
----------------------------------------------------------------------
I uploaded too soon, again. Please wait while I go noodle with a new
patch.
I have #ifdef'd around inlining problems with gcc3 and arc4random.c; added
ifdefs to make arc4random.c portable to uClibc, glibc, and standalone; and
added all kinds of menu options for erandom.
I made menu choice options to give priority's to /dev/erandom and sysctl
erandom in case both are enabled; and another choice option for mktemp in
case both /dev/erandom and arc4random are enabled.
I've also decided to eliminate the sysctl loop for erandom (which you may
or may not remember in the old ssp.c), in light of a new erandom kernel
patch which provides 256 byte values (instead of 16 byte). This saves
multiple sysctl calls.
I also want to verify intel-cc is happy with arc4random.c.
----------------------------------------------------------------------
ashes - 06-19-07 20:10
----------------------------------------------------------------------
So anyway. Attached is an updated patch. Uses a character array now, with
better use of uninitialized variables if it comes down to that. Nicer
copyright, from upstream. Added a manual page and a simple test. -Wall
-Wformat=2 -W -Wextra gcc41 friendly.
There is a new function __arc4_getbyte(), commented out, which is being
used by openbsd in malloc.c. It may not be very useless in Linux, because
openbsd depends solely on sysctl arandom for entropy, while in Linux
sysctl is being phased out of kernel26 so we need to use /dev/urandom and
use backup routines if we're in a chroot. So.. __arc4_getbyte() might be
too heavy for malloc(), in Linux.
I also added a config option to not use /dev/urandom, for headless
systems.
Issue History
Date Modified Username Field Change
======================================================================
05-29-06 02:58 ashes New Issue
05-29-06 02:58 ashes Status new => assigned
05-29-06 02:58 ashes Assigned To => uClibc
05-29-06 02:58 ashes File Added: uClibc-20060529-arc4_mktemp-1.patch
05-29-06 03:00 ashes Issue Monitored: ashes
06-05-06 21:44 ashes Note Added: 0001404
06-19-07 20:09 ashes File Added: uClibc-20070619-arc4.diff
06-19-07 20:10 ashes Note Added: 0002490
======================================================================
More information about the uClibc-cvs
mailing list