[Cryptography] WIPEONFORK in Linux 4.14

Colm MacCárthaigh colm at allcosts.net
Mon Nov 27 17:08:19 EST 2017

On Mon, Nov 27, 2017 at 12:09 PM, Nico Williams <nico at cryptonector.com>

> Right.  One should not, however, call syscall(2) to avoid libc stubs.
> It's very dangerous for precisely this sort of reason.

Dangerous but attractive can be a bad combination; there are runtimes and
VMs that use the syscalls directly because they want to emulate their own
lightweight processes. For their environment, it makes sense - to them.
Then sometimes these same environments will also embed a native crypto
library, for performance reasons, and we have an unsafe combination of
events if the native library is relying on pthread_atfork. Everyone is
doing something that mostly makes sense "for them", but users can still end
up with an insecure combination.

> What should work as an MADV_WIPEONFORK replacement is a MAP_SHARED
> > mapping and two counters, [...]
> Clever.  You can also just check that (my_saved_pid == getpid()), which
> if you have a fast getpid() via a vdso, is cheap.

This isn't safe because PIDs can be re-used.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20171127/0f02379d/attachment.html>

More information about the cryptography mailing list