A mirror of https://github.com/libressl/openbsd.git https://git.lua4.win/openbsd/atom?h=libressl-v2.4.0 2016-04-19T20:20:24+00:00 2016-04-19T20:20:24+00:00 tj 2016-04-19T20:20:24+00:00 urn:sha1:86631535ec5e92d1d055ad8b03986f6dc52cc4d7 2016-01-04T02:04:56+00:00 bcook 2016-01-04T02:04:56+00:00 urn:sha1:0f894628446dec0db2f00dac168dac6bcb7dd705 Work around this particular case by reseeding whenever pid=1, but as guenther@ notes, directly calling clone(2), and then forking to match another pid, provides other ways to bypass new process detection on Linux. Hopefully at some point Linux implements something like MAP_INHERIT_ZERO, and does not invent a corresponding mechanism to subvert it. Noted by Sebastian Krahmer and the opmsg team. See http://stealth.openwall.net/crypto/randup.c for a test program. ok beck@ 2015-09-11T11:52:55+00:00 deraadt 2015-09-11T11:52:55+00:00 urn:sha1:2a8f39dde4eb3fc8b492e8c665128c557ff500af 2015-08-25T17:26:43+00:00 deraadt 2015-08-25T17:26:43+00:00 urn:sha1:fc3d3d60211a42640c6c2273a1d4edf9901f1492 2015-08-25T17:22:56+00:00 deraadt 2015-08-25T17:22:56+00:00 urn:sha1:fbe008c26edb3f5528ff750684198fb495993d3a 2015-06-13T02:33:58+00:00 bcook 2015-06-13T02:33:58+00:00 urn:sha1:7046960ffae4141275822862cb7065584b59d3ae This only provides the sysctl wrapper in glibc, which we do not use and is not available in other libc implementations for Linux. Thanks to ncopa from github. 2015-04-27T03:37:06+00:00 bcook 2015-04-27T03:37:06+00:00 urn:sha1:29b3e8caf044d209b7dcfe76059033f1e5174a65 Include it if we have the sysctl syscall. 2015-04-27T03:34:43+00:00 bcook 2015-04-27T03:34:43+00:00 urn:sha1:218560577e54c8df6beb6f07c4ce700f230c8fe1 From Michael Felt. 2015-03-30T11:29:48+00:00 bcook 2015-03-30T11:29:48+00:00 urn:sha1:9a233fbb9c7e0c8634665919ddc8b9da92a7f3c4 2015-03-22T13:28:03+00:00 bcook 2015-03-22T13:28:03+00:00 urn:sha1:2726156be030e091258537fe7ca338f221ab9277