[Cryptography] WIPEONFORK in Linux 4.14
nico at cryptonector.com
Mon Nov 27 15:09:40 EST 2017

On Mon, Nov 27, 2017 at 08:02:11PM +0100, Florian Weimer wrote:
> * Nico Williams:
> > pthread_atfork() suffices for fork-safety for userland PRNGs,
>
> This is not true on Linux once you have code that calls fork/clone
> system calls directly (which is traditional for namespace/container
> setup, although it shouldn't strictly be necessary anymore).
> pthread_atfork won't be called in these cases because it's strictly a
> userspace thing.

Right. One should not, however, call syscall(2) to avoid libc stubs.
It's very dangerous for precisely this sort of reason.

> What should work as an MADV_WIPEONFORK replacement is a MAP_SHARED
> mapping and two counters, [...]

Clever. You can also just check that (my_saved_pid == getpid()), which
if you have a fast getpid() via a vdso, is cheap.
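
An added example, not part of the original message and not code from either poster: a fork guard for a userland PRNG that combines a MADV_WIPEONFORK canary page with the saved-pid comparison, exercised with a raw clone(2) so that no pthread_atfork handler runs. The struct and function names are hypothetical, and the raw clone call assumes an architecture such as x86-64 or aarch64 where the flags argument comes first.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef MADV_WIPEONFORK
#define MADV_WIPEONFORK 18 /* generic Linux UAPI value, for older libc headers */
#endif
/* Hypothetical fork guard for a userland PRNG; every name here is illustrative. */
struct fork_guard {
    volatile unsigned char *canary; /* page the kernel zeroes in a child, or NULL */
    pid_t saved_pid;                /* pid of the process that last (re)seeded */
};

/* Call after every (re)seed: records the pid and sets the canary byte. */
static void guard_arm(struct fork_guard *g)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    g->saved_pid = getpid();
    if (g->canary == NULL) {
        void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED)
            return; /* only the pid check remains */
        (void)madvise(p, len, MADV_WIPEONFORK); /* fails on kernels before 4.14 */
        g->canary = p;
    }
    *g->canary = 1;
}

/* Nonzero when the state was inherited across a fork and must be reseeded. */
static int guard_forked(const struct fork_guard *g)
{
    return (g->canary != NULL && *g->canary == 0) || g->saved_pid != getpid();
}

/* Raw clone(2), no atfork handlers: 1 if only the child sees a fork, -1 on error. */
static int child_detects_raw_fork(void)
{
    struct fork_guard g = {0};
    int status;
    guard_arm(&g);
    pid_t pid = (pid_t)syscall(SYS_clone, (long)SIGCHLD, 0L, 0L, 0L, 0L);
    if (pid == 0)
        _exit(guard_forked(&g) ? 0 : 1);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0 && !guard_forked(&g);
}
```

A PRNG using this guard would call guard_forked() before producing output and, when it returns nonzero, reseed and then call guard_arm() again.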