[Cryptography] WIPEONFORK in Linux 4.14
colm at allcosts.net
Mon Nov 27 17:08:19 EST 2017
On Mon, Nov 27, 2017 at 12:09 PM, Nico Williams <nico at cryptonector.com>
> Right. One should not, however, call syscall(2) to avoid libc stubs.
> It's very dangerous for precisely this sort of reason.
Dangerous but attractive can be a bad combination; there are runtimes and
VMs that use the syscalls directly because they want to emulate their own
lightweight processes. For their environment, it makes sense - to them.
Then sometimes these same environments will also embed a native crypto
library, for performance reasons, and we have an unsafe combination of
events if the native library is relying on pthread_atfork. Everyone is
doing something that mostly makes sense "for them", but users can still end
up with an insecure combination.
> What should work as an MADV_WIPEONFORK replacement is a MAP_SHARED
> > mapping and two counters, [...]
> Clever. You can also just check that (my_saved_pid == getpid()), which
> if you have a fast getpid() via a vdso, is cheap.
This isn't safe because PIDs can be re-used.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography