On Fri, 8 Jun 2007, Eric Dumazet wrote: > Davide Libenzi a écrit : > > On Thu, 7 Jun 2007, Eric Dumazet wrote: > > > I am afraid randomization wont really work if /sbin/init or /bin/bash for > > > example uses one (or more) unseq fd : > > > The 'random base' will be propagated at fork()/exec() time ? > > > > As I said to Uli, we can't move the base while fds are in there. We can > > re-randomize it when it's empty. This can also be done (it's a trivial and > > fast operation - just set fmap->base to a new value) even every time the fd > > count on the map touches zero. > > > > Hum, I think it would be better to free fmap if it's empty, instead of change > fmap->base. (Only in fork() after removal of O_CLOFORK file handles, and in > exec() after removal of O_CLOEXEC file handles)
That can be done too. When it'll be re-created will be randomized anyway. I'll probably be doing it everytime fmap->count touches zero in __put_unused_fd(), so even if the map is not empty at fork and/or exec time, the program have other chances of randomize in the middle of its lifetime. - Davide
