Hello hackers, I'm going to disturb you once again with ProPolice. The original ProPolice patch, as well as most of FreeBSD variants and Linux one, uses /dev/urandom to fill the "canary" with random data (the canary is what is going to be put between buffer and return address in the stack). OTOH, OpenBSD uses kern.arnd sysctl to achieve this (this is a sysctl front-end to the arc4random() function).
I don't really see the pros and cons between the two methods, so I'd like taste your opinions. Note that the first method (opening /dev/urandom) requires to patch open(2) wrapper from libpthread and libthr (cognet@ did this for me), in order to initialize _thr_initial, because the SSP constructor is called quite early. The second method requires to introduce the kern.arnd sysctl (KERN_ARND). FYI, note that NetBSD has kern.urandom (KERN_URND) and they define KERN_ARND to be an alias to this. Your comments will be welcome. Best regards, -- Jeremie Le Hen < jeremie at le-hen dot org >< ttz at chchile dot org > _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
