[EMAIL PROTECTED] wrote: > On Fri, 8 Jul 2005, Jeremie Le Hen wrote: > > > Hello hackers, > > > > I'm going to disturb you once again with ProPolice. The > > original ProPolice patch, as well as most of FreeBSD variants > > and Linux one, uses /dev/urandom to fill the "canary" with > > random data (the canary is what is going to be put between > > buffer and return address in the stack). OTOH, OpenBSD uses > > kern.arnd sysctl to achieve this (this is a sysctl front-end > > to the arc4random() function). > > Just one question, why does the canary have to be filled with > random data? Why not just zero it? sure you get a single random > value to find out how many zero's to use, but why waste that much > good-quality random data (and of course if there isn't enough in > urandom, you would have to make it loop till there is enough unless > you make it just leave the rest as-is) > > IMHO there is no advantages (well, that i can see) of having it > random data rather than just NULL... > > Feel free to correct me if i'm wrong...
You're wrong, when the canary value is fixed and known (such as in terminator canaries), there are cases where an attacker could manage to reset the canary to the expected value and circumvent the protection mechanism. That chance doesn't exist with random canaries. AFAIK, ProPolice supports both terminator and random canaries. As for the original topic, I would prefer the sysctl front-end, IMO it's more consistent with other BSDs and more clean and direct while extending open(2) would only appear transparent at the expense of needlessly increasing the complexity of open(2). ALeine ___________________________________________________________________ WebMail FREE http://mail.austrosearch.net _______________________________________________ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to "[EMAIL PROTECTED]"
