[Cryptography] WIPEONFORK in Linux 4.14
Florian Weimer
fw at deneb.enyo.de
Mon Nov 27 16:28:57 EST 2017
* Nico Williams:
> On Mon, Nov 27, 2017 at 08:02:11PM +0100, Florian Weimer wrote:
>> * Nico Williams:
>> > pthread_atfork() suffices for fork-safety for userland PRNGs,
>>
>> This is not true on Linux once you have code that calls fork/clone
>> system calls directly (which is traditional for namespace/container
>> setup, although it shouldn't strictly be necessary anymore).
>> pthread_atfork won't be called in these cases because it's strictly a
>> userspace thing.
>
> Right. One should not, however, call syscall(2) to avoid libc stubs.
> It's very dangerous for precisely this sort of reason.
Well, historically, we have done a very poor job exposing clone(2)
functionality in a more ready-to-use manner. What we provide is
geared towards creation of threads, rather than the fork/vfork-like
interface many applications want.
>> What should work as an MADV_WIPEONFORK replacement is a MAP_SHARED
>> mapping and two counters, [...]
>
> Clever. You can also just check that (my_saved_pid == getpid()), which
> if you have a fast getpid() via a vdso, is cheap.
Unfortunately, PIDs get reused too quickly for that:
<https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=0d1ecd6300191a450978ca2fcd12bbbb7c5e65e6>
OpenSSL started to mix in time as well since then, but it's still very
hackish (and I don't blame them—the MAP_SHARED trick is unlikely to
work on all platforms they need to support, and we don't know yet if
it will withstand the test of time).
More information about the cryptography
mailing list